842591299 | 2024-04-17T18:02:21.084403
22 / tcp
SSH-2.0-SilverSHielD
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7TaIxbeNTovau/HU7Si1ioG4BoArZagtJ7Vtt0UUJNTL9
fGmXpPUvmxYVnQoJmofSayZFwe5JFM0j3dboPmSYawuFqYhYqHGYfgGRjhXpL1hte6mmaaL5Xiwd
tOuLlaAJEZgEEQdybu4PdaVmw8aYJEySjFwaAuSk/s1QGBP38Q==
Fingerprint: 63:62:9a:df:5a:10:a9:6e:21:bf:32:fc:f5:da:c4:9b
Kex Algorithms:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
Server Host Key Algorithms:
ssh-rsa
Encryption Algorithms:
3des-cbc
blowfish-cbc
twofish256-cbc
twofish192-cbc
twofish128-cbc
aes256-cbc
aes192-cbc
aes128-cbc
serpent256-cbc
serpent192-cbc
serpent128-cbc
arcfour
idea-cbc
cast128-cbc
des-cbc
aes128-ctr
aes192-ctr
aes256-ctr
3des-ctr
blowfish-ctr
twofish128-ctr
twofish192-ctr
twofish256-ctr
serpent128-ctr
serpent192-ctr
serpent256-ctr
idea-ctr
cast128-ctr
arcfour128
arcfour256
MAC Algorithms:
hmac-sha1
hmac-sha1-96
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd
hmac-ripemd160@openssh.com
hmac-sha256@ssh.com
hmac-sha256-96@ssh.com
umac-32@openssh.com
umac-64@openssh.com
umac-96@openssh.com
umac-128@openssh.com
Compression Algorithms:
none
zlib
zlib@openssh.com
1375978069 | 2024-04-12T19:25:54.876224
135 / tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 167.114.101.231:49664
ncalrpc: WindowsShutdown
ncacn_np: \\Win7pese\PIPE\InitShutdown
ncalrpc: WMsgKRpc01ACA20
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\Win7pese\PIPE\InitShutdown
ncalrpc: WMsgKRpc01ACA20
5c9a4cd7-ba75-45d2-9898-1773b3d1e5f1
version: v1.0
annotation: Device Install Service RPC Interface
ncalrpc: LRPC-d4e92260634c2eebd7
d09bdeb5-6171-4a34-bfe2-06fa82652568
version: v1.0
ncalrpc: csebpub
ncalrpc: LRPC-741530c8c6b815f0e4
ncalrpc: LRPC-8e9d4fe6941fad2204
ncacn_np: \\Win7pese\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-4b16b705935f7b2d6e
ncalrpc: actkernel
ncalrpc: umpo
697dcda9-3ba9-4eb2-9247-e11f1901b0d2
version: v1.0
ncalrpc: LRPC-741530c8c6b815f0e4
ncalrpc: LRPC-8e9d4fe6941fad2204
ncacn_np: \\Win7pese\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-4b16b705935f7b2d6e
ncalrpc: actkernel
ncalrpc: umpo
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-4b16b705935f7b2d6e
ncalrpc: actkernel
ncalrpc: umpo
ncalrpc: IUserProfile2
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncalrpc: LRPC-85fc324d4b92fb3610
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 167.114.101.231:49665
ncacn_np: \\Win7pese\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 167.114.101.231:49665
ncacn_np: \\Win7pese\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 167.114.101.231:49665
ncacn_np: \\Win7pese\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 167.114.101.231:49665
ncacn_np: \\Win7pese\pipe\eventlog
ncalrpc: eventlog
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncalrpc: LRPC-0182f867ef560ff6ba
ncalrpc: OLE345CF6127D2B1AB43339CD64C57E
ncalrpc: IUserProfile2
0d3c7f20-1c8d-4654-a1b3-51563b298bda
version: v1.0
annotation: UserMgrCli
ncalrpc: LRPC-0182f867ef560ff6ba
ncalrpc: OLE345CF6127D2B1AB43339CD64C57E
ncalrpc: IUserProfile2
b18fbab6-56f8-4702-84e0-41053293a869
version: v1.0
annotation: UserMgrCli
ncalrpc: LRPC-0182f867ef560ff6ba
ncalrpc: OLE345CF6127D2B1AB43339CD64C57E
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncalrpc: LRPC-5ce78e86ffe71f8e44
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-5ce78e86ffe71f8e44
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\Win7pese\PIPE\wkssvc
ncalrpc: LRPC-351fd150f211bf614a
eb081a0d-10ee-478a-a1dd-50995283e7a8
version: v3.0
annotation: Witness Client Test Interface
ncalrpc: LRPC-351fd150f211bf614a
f2c9b409-c1c9-4100-8639-d8ab1486694a
version: v1.0
annotation: Witness Client Upcall Server
ncalrpc: LRPC-351fd150f211bf614a
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-c9ca2f055f1819fde8
ncalrpc: LRPC-a74a9835e522e0b70e
df4df73a-c52d-4e3a-8003-8437fdf8302a
version: v0.0
annotation: WM_WindowManagerRPC\Server
ncalrpc: LRPC-a74a9835e522e0b70e
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 167.114.101.231:49666
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 167.114.101.231:49667
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: LSA_IDPEXT_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\Win7pese\pipe\lsass
-608799651 | 2024-04-17T21:13:53.424620
137 / udp
NetBIOS Response:
MAC Address: A4:BF:01:1B:A6:4A
Names:
WORKGROUP <0x0>
WIN7PESE <0x0>
MAC Addresses
A4:BF:01:1B:A6:4A
OUI: A4:BF:01
Organization: Intel Corporate
Assignment: MA-L
Registration Date: 2015-12-18
-757264002 | 2024-03-28T14:55:54.860009
139 / tcp
1845074012 | 2024-04-18T18:11:35.069033
500 / udp
VPN (IKE)
Initiator SPI: a15cad2e4df13923
Responder SPI: 0000000000000000
Next Payload: Private USE
Version: 1.0
Exchange Type: Private Use
Flags:
Encryption: False
Commit: False
Authentication: False
Message ID: 00000000
Length: 440
-1010938085 | 2024-04-18T13:19:25.660054
5800 / tcp
1420214384 | 2024-04-18T13:19:28.696519
5900 / tcp
RFB 003.008
VNC:
Protocol Version: 3.8
Security Types:
2: VNC Authentication
16: Tight