1701136493 | 2024-04-27T00:25:46.574667
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 222.186.139.195:49152
ncalrpc: WindowsShutdown
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\InitShutdown
ncalrpc: WMsgKRpc03D0C0
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\InitShutdown
ncalrpc: WMsgKRpc03D0C0
ncalrpc: WMsgKRpc03EF81
ncalrpc: WMsgKRpc01742D2
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-2f5492e10c6c30a4e1
ncacn_ip_tcp: 222.186.139.195:49154
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 222.186.139.195:49153
ncacn_np: \\WIN-0CUDAKGTOE9\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 222.186.139.195:49153
ncacn_np: \\WIN-0CUDAKGTOE9\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 222.186.139.195:49153
ncacn_np: \\WIN-0CUDAKGTOE9\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 222.186.139.195:49153
ncacn_np: \\WIN-0CUDAKGTOE9\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_ip_tcp: 222.186.139.195:49154
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 222.186.139.195:49154
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 222.186.139.195:49154
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 222.186.139.195:49154
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLEA056D56E791D4C0786EE543A9E30
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: IUserProfile2
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-a5a7486b3c2bb314cd
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-ce7574e8254bf8d680
ncalrpc: OLEF1A0E29D4E8D45E48858ED20170C
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-ce7574e8254bf8d680
ncalrpc: OLEF1A0E29D4E8D45E48858ED20170C
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-fc89dfc6f64171ed24
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-fc89dfc6f64171ed24
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-fc89dfc6f64171ed24
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 222.186.139.195:49155
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-10184c48dec25e0070
ncacn_ip_tcp: 222.186.139.195:49156
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 222.186.139.195:49156
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 222.186.139.195:49158
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\WIN-0CUDAKGTOE9\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-5c2e0961c662f72673
ncacn_np: \\WIN-0CUDAKGTOE9\pipe\lsass
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc01742D2
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-0facb3ad21c29e0172
ncalrpc: LRPC-0facb3ad21c29e0172
ncalrpc: LRPC-0facb3ad21c29e0172
ncalrpc: LRPC-0facb3ad21c29e0172
1345679747 | 2024-04-23T15:59:37.516289
137 /
udp
NetBIOS Response:
MAC Address: 00:16:3C:7E:8E:42
Names:
WIN-0CUDAKGTOE9 <0x0>
WORKGROUP <0x0>
MAC Addresses
00:16:3C:7E:8E:42
OUI: 00:16:3C
Organization: Rebox B.V.
Assignment: MA-L
Registration Date: 2005-10-29
-1196272675 | 2024-04-16T19:33:17.765617
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x01\x08\x00\x02\x00\x00\x00
administrator
GBR
Fo
BAW ees ep rece
Enterprise
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:8b:ba:24:56:84:0b:aa:49:b4:85:1b:ef:27:b7:ac
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=WIN-0CUDAKGTOE9
Validity
Not Before: Jan 15 17:19:56 2024 GMT
Not After : Jul 16 17:19:56 2024 GMT
Subject: CN=WIN-0CUDAKGTOE9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d3:ca:a0:29:9c:55:19:68:b0:bf:0e:54:e6:35:
5b:7d:12:dc:73:f9:97:01:ac:b6:eb:a7:b4:33:95:
c2:58:4d:44:de:77:e3:64:f5:44:20:31:bb:5c:49:
00:c5:1e:89:4c:dd:d3:16:08:57:df:15:81:40:63:
3d:85:df:6d:e4:80:60:36:96:2b:19:6a:ba:0d:42:
b8:7b:ef:c0:c0:94:04:9c:d7:3e:db:11:b1:93:52:
07:d6:0a:fd:69:3c:81:b2:d5:1a:b0:2a:19:ba:c6:
b3:d7:3d:f9:44:8c:7e:1f:0b:b7:a6:bd:d3:6b:10:
4a:ed:68:8c:01:0b:a9:63:11:5a:d8:70:ab:e1:05:
67:68:59:4a:94:4b:a1:c8:e3:2f:93:a0:4b:50:b2:
ee:4d:b2:37:52:f3:5c:3e:57:2a:a6:2c:5a:a3:12:
ad:43:69:9d:f4:a1:1c:9a:ff:93:0f:c3:7a:2a:e1:
e6:7e:ec:09:4f:36:4d:97:81:7b:97:4f:5b:a7:99:
f2:bb:f5:c9:bb:2c:f0:7c:1c:ae:dd:9a:9a:aa:30:
15:c1:fa:84:de:7c:17:af:6b:ed:74:04:9a:af:f6:
78:be:9a:34:49:c2:91:24:e7:70:43:bc:54:17:8f:
6b:6e:03:08:8c:ea:e5:26:2c:d5:f8:bb:bf:7c:8c:
80:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
03:dc:1c:a3:f6:c4:be:97:e6:34:8d:e7:c1:9f:20:c3:36:a1:
5a:33:b4:b8:ac:0b:bd:e1:6c:9c:24:01:ac:f1:2c:3e:2c:c6:
c4:ee:86:7f:23:2b:fa:48:14:29:01:5c:b2:95:2a:75:53:37:
12:5c:71:1d:b5:61:72:3b:14:c2:19:cf:e2:6f:57:80:61:f8:
7e:8b:c1:ed:36:70:a4:cf:4f:26:dd:59:1c:c7:8e:ad:d6:7d:
40:f9:7b:f9:09:af:0a:53:c2:89:e9:fc:c6:9a:2a:7a:31:5e:
7a:af:a0:93:fc:88:45:17:09:37:7c:e8:76:9c:b6:b9:82:18:
b5:e1:38:f4:cf:67:1c:33:df:6c:25:ca:f8:db:f8:71:65:ba:
86:45:1c:46:a4:e0:c6:e1:af:b6:4e:43:24:4c:85:35:34:0b:
f5:3f:de:2c:96:98:7b:e4:7a:94:26:ea:55:a4:4e:21:50:4e:
90:dc:d5:a9:cf:c3:c1:2c:8f:00:6e:ad:fe:41:39:21:cb:89:
d3:e4:61:0f:53:73:8b:b8:3f:f0:20:71:95:84:38:88:75:9e:
81:9b:d7:46:b7:77:95:c5:6f:73:18:f1:41:be:e6:21:c3:b5:
fa:26:02:3e:39:9f:1a:e0:ba:5d:f1:c0:16:c6:a5:7c:1a:88:
91:f8:64:90