-1008447890 | 2024-05-02T19:28:09.365600
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 104.236.196.119:49152
ncalrpc: WindowsShutdown
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\InitShutdown
ncalrpc: WMsgKRpc046B60
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\InitShutdown
ncalrpc: WMsgKRpc046B60
ncalrpc: WMsgKRpc046D91
ncalrpc: WMsgKRpc02094A2
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-844626918109c35391
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 104.236.196.119:49153
ncacn_np: \\WIN-1CR7ENJLVSE\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 104.236.196.119:49153
ncacn_np: \\WIN-1CR7ENJLVSE\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 104.236.196.119:49153
ncacn_np: \\WIN-1CR7ENJLVSE\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 104.236.196.119:49153
ncacn_np: \\WIN-1CR7ENJLVSE\pipe\eventlog
ncalrpc: eventlog
8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
version: v1.0
provider: appmgmts.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
58e604e8-9adb-4d2e-a464-3b0683fb1480
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
5f54ce7d-5b79-4175-8584-cb65313a0e98
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
201ef99a-7fa0-444c-9399-19ba84f12a1a
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\srvsvc
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 104.236.196.119:49154
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: OLE4E001966F08341D3A2438738204A
ncalrpc: IUserProfile2
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-c699c78badf0b2639a
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-222cf45b1f637e881b
ncalrpc: OLE5361C4C6098848909AA3DD804CE1
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-222cf45b1f637e881b
ncalrpc: OLE5361C4C6098848909AA3DD804CE1
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-f007be370e49a2192a
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-f007be370e49a2192a
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-f007be370e49a2192a
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\wkssvc
ncalrpc: DNSResolver
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 104.236.196.119:49155
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 104.236.196.119:49158
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\WIN-1CR7ENJLVSE\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-4e5dc84dda295e21b3
ncacn_np: \\WIN-1CR7ENJLVSE\pipe\lsass
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc02094A2
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-a5308a20df409d1967
ncalrpc: LRPC-a5308a20df409d1967
ncalrpc: LRPC-a5308a20df409d1967
ncalrpc: LRPC-a5308a20df409d1967
1641389631 | 2024-05-16T10:29:26.678707
445 /
tcp
SMB Status:
Authentication: enabled
SMB Version: 1
OS: Windows Server 2008 R2 Standard 7601 Service Pack 1
Software: Windows Server 2008 R2 Standard 6.1
Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode
-389622329 | 2024-05-11T20:18:54.981251
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: WIN-1CR7ENJLVSE
NetBIOS Domain Name: WIN-1CR7ENJLVSE
NetBIOS Computer Name: WIN-1CR7ENJLVSE
DNS Domain Name: WIN-1CR7ENJLVSE
FQDN: WIN-1CR7ENJLVSE
Administrator
Logged on
kK)
(A
Windows Server 2008 R2
Standard
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:62:59:e0:e7:a7:fc:87:47:05:bd:50:c5:8a:b0:02
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=WIN-1CR7ENJLVSE
Validity
Not Before: Jan 2 17:00:02 2024 GMT
Not After : Jul 3 17:00:02 2024 GMT
Subject: CN=WIN-1CR7ENJLVSE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:2b:62:d6:9b:7d:3d:a9:ee:db:be:24:3c:6b:
b0:05:60:43:78:d2:9d:58:bc:bc:71:fa:db:a9:83:
2d:3e:f6:b0:eb:ad:04:4b:ec:7a:b3:72:de:e7:13:
29:67:99:5a:7c:7c:df:a7:6c:45:57:1d:62:52:b9:
f0:72:60:dd:5c:a9:f7:e9:27:93:1b:b7:cb:9c:23:
51:f0:e2:ee:93:c5:57:de:54:7e:13:a4:84:af:4c:
3e:4a:56:14:45:7e:16:27:40:c2:88:c4:ec:f6:a0:
1b:b0:56:65:43:72:fb:8b:30:11:d6:65:50:3e:6c:
7a:52:07:17:d2:3d:62:1c:ca:60:7f:9e:1c:d2:37:
62:35:aa:79:d8:35:f2:46:ad:38:45:a9:35:bb:b6:
39:a8:54:2f:26:8d:21:6a:0b:ae:fe:11:da:08:97:
c8:21:50:a2:37:7a:f6:14:2e:ee:97:9c:33:f9:4b:
d1:37:8e:08:11:81:54:ad:98:19:6a:ff:a9:34:52:
43:c0:23:33:be:da:7a:48:ae:9f:9e:1a:b2:96:08:
ea:94:90:2f:e1:99:8c:56:52:fa:6b:c9:6b:a2:06:
2d:a4:78:4b:c9:a3:ff:4c:e0:a6:a5:0f:cd:da:90:
1a:92:7b:42:e0:61:bc:68:c0:3f:a1:e3:50:82:80:
a8:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
6a:07:41:c2:9d:71:e2:c1:15:aa:ea:9f:16:1f:b0:3e:db:60:
0a:51:6b:73:25:db:7d:cb:cd:34:97:92:53:91:10:6a:10:84:
18:7d:7f:a7:78:4a:4d:c9:73:af:96:8b:a9:61:94:a8:47:60:
94:fe:e8:c7:0a:94:ac:c6:ef:79:6d:a3:17:c5:02:79:a7:27:
b4:a4:db:78:a4:4e:9d:16:4b:17:89:20:43:20:2b:36:6d:4e:
5d:d6:ea:1b:1b:21:7f:4c:51:1d:76:b0:c6:a8:d5:7d:c2:ca:
96:bb:40:d8:b5:8d:8f:70:22:38:ab:ad:b8:ef:b7:a8:39:b2:
33:98:6f:f9:80:d0:7f:9a:9d:9f:b1:c1:51:8e:8d:a5:a3:97:
01:49:50:60:db:79:2a:94:a5:2c:e7:cd:d5:c4:73:bd:96:6b:
14:ad:89:f2:70:44:dd:ca:01:d9:8d:5f:57:5a:7c:24:3b:6a:
5b:72:2a:90:d3:18:f5:c0:36:48:12:99:f7:bb:e8:fc:c2:3a:
5e:43:c9:ad:f3:fd:f7:df:c7:e8:16:d5:18:7d:64:9c:35:66:
09:46:7d:73:65:82:81:7f:0d:f6:a9:6a:92:1b:da:38:b5:3e:
ef:ca:ee:15:7c:67:95:6d:c5:36:35:0a:38:d6:be:ad:6c:c7:
a6:df:d1:a4