Country | China |
City | Shenzhen |
Organization | Aliyun Computing Co., LTD |
ISP | Hangzhou Alibaba Advertising Co.,Ltd. |
ASN | AS37963 |
Operating System | Windows (build 6.3.9600) |
1795276666 | 2024-04-04T18:45:42.034777135 / tcp
Microsoft RPC Endpoint Mapper
  d95afe70-a6d5-4259-822e-2c84da1ddb0d version: v1.0 protocol: [MS-RSP]: Remote Shutdown Protocol provider: wininit.exe ncacn_ip_tcp: 172.16.4.39:10000 ncalrpc: WindowsShutdown ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\InitShutdown ncalrpc: WMsgKRpc043B00
  76f226c3-ec14-4325-8a99-6a46348418af version: v1.0 provider: winlogon.exe ncalrpc: WindowsShutdown ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\InitShutdown ncalrpc: WMsgKRpc043B00 ncalrpc: WMsgKRpc044521 ncalrpc: WMsgKRpc015567C2
  9b008953-f195-4bf9-bde0-4471971e58ed version: v1.0 ncalrpc: LRPC-68cea7350ed7958e98 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\LSM_API_service ncalrpc: LSMApi ncalrpc: LRPC-a5ba26fe79dbb9e363 ncalrpc: actkernel ncalrpc: umpo
  697dcda9-3ba9-4eb2-9247-e11f1901b0d2 version: v1.0 ncalrpc: LRPC-68cea7350ed7958e98 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\LSM_API_service ncalrpc: LSMApi ncalrpc: LRPC-a5ba26fe79dbb9e363 ncalrpc: actkernel ncalrpc: umpo
  c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 version: v1.0 annotation: Impl friendly name provider: sysntfy.dll ncalrpc: LRPC-a5ba26fe79dbb9e363 ncalrpc: actkernel ncalrpc: umpo ncalrpc: DeviceSetupManager ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\srvsvc ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2 ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2 ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2 ncalrpc: IUserProfile2
  0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  c605f9fb-f0a3-4e2a-a073-73560f8d9e3e version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  8bfc3be1-6def-4e2d-af74-7c47cd0ade4a version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  2d98a740-581d-41b9-aa0d-a88b9d5ce938 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  3b338d89-6cfa-44b8-847e-531531bc9992 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  8782d3b9-ebbd-4644-a3d8-e8725381919b version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  085b0334-e454-4d91-9b8c-4134f9e793f3 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 version: v1.0 ncalrpc: actkernel ncalrpc: umpo
  3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 version: v1.0 annotation: DHCPv6 Client LRPC Endpoint provider: dhcpcsvc6.dll ncalrpc: dhcpcsvc6 ncalrpc: dhcpcsvc ncalrpc: LRPC-0dd42e4e4f2333683f ncacn_ip_tcp: 172.16.4.39:10001 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\eventlog ncalrpc: eventlog
  3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 version: v1.0 annotation: DHCP Client LRPC Endpoint provider: dhcpcsvc.dll ncalrpc: dhcpcsvc ncalrpc: LRPC-0dd42e4e4f2333683f ncacn_ip_tcp: 172.16.4.39:10001 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\eventlog ncalrpc: eventlog
  abfb6ca3-0c5e-4734-9285-0aee72fe8d1c version: v1.0 annotation: Wcm Service ncalrpc: LRPC-0dd42e4e4f2333683f ncacn_ip_tcp: 172.16.4.39:10001 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\eventlog ncalrpc: eventlog
  30adc50c-5cbc-46ce-9a0e-91914789e23c version: v1.0 annotation: NRP server endpoint provider: nrpsrv.dll ncalrpc: LRPC-0dd42e4e4f2333683f ncacn_ip_tcp: 172.16.4.39:10001 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\eventlog ncalrpc: eventlog
  f6beaff7-1e19-4fbb-9f8f-b89e2018337c version: v1.0 annotation: Event log TCPIP protocol: [MS-EVEN6]: EventLog Remoting Protocol provider: wevtsvc.dll ncacn_ip_tcp: 172.16.4.39:10001 ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\eventlog ncalrpc: eventlog
  30b044a5-a225-43f0-b3a4-e060df91f9c1 version: v1.0 provider: certprop.dll ncalrpc: LRPC-a95a0f24d3843962ca ncalrpc: DeviceSetupManager ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\srvsvc ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  1a0d010f-1c33-432c-b0f5-8cf4e8053099 version: v1.0 annotation: IdSegSrv service ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  98716d03-89ac-44c7-bb8c-285824e51c4a version: v1.0 annotation: XactSrv service provider: srvsvc.dll ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 version: v1.0 annotation: Adh APIs ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  c36be077-e14b-4fe9-8abc-e856ef4f048b version: v1.0 annotation: Proxy Manager client server endpoint ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  2e6035b2-e8f1-41a7-a044-656b439c4c34 version: v1.0 annotation: Proxy Manager provider server endpoint ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  552d076a-cb29-4e44-8b6a-d15e59e2c0af version: v1.0 annotation: IP Transition Configuration endpoint provider: iphlpsvc.dll ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  a398e520-d59a-4bdd-aa7a-3c1e0303a511 version: v1.0 annotation: IKE/Authip API provider: IKEEXT.DLL ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  3a9ef155-691d-4449-8d05-09ad57031823 version: v1.0 ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  86d35949-83c9-4044-b424-db363231fd0c version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: schedsvc.dll ncacn_ip_tcp: 172.16.4.39:10002 ncalrpc: ubpmtaskhostchannel ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  378e52b0-c0a9-11cf-822d-00aa0051e40f version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  1ff70682-0a51-30e8-076d-740be8cee98b version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 version: v1.0 provider: schedsvc.dll ncalrpc: senssvc ncalrpc: OLE8494457A7D9154BD26627636675B ncalrpc: IUserProfile2
  2eb08e3e-639f-4fba-97b1-14f878961076 version: v1.0 annotation: Group Policy RPC Interface provider: gpsvc.dll ncalrpc: LRPC-4f8bf62431e4c002f7
  3473dd4d-2e88-4006-9cba-22570909dd10 version: v5.256 annotation: WinHttp Auto-Proxy Service ncalrpc: LRPC-c3df5bfb76df9eafc6 ncalrpc: OLEB83782CE96D7510ADA647D207729
  7ea70bcf-48af-4f6a-8968-6a440754d5fa version: v1.0 annotation: NSI server endpoint provider: nsisvc.dll ncalrpc: LRPC-c3df5bfb76df9eafc6 ncalrpc: OLEB83782CE96D7510ADA647D207729
  b2507c30-b126-494a-92ac-ee32b6eeb039 version: v1.0 ncalrpc: LRPC-495ffcebd36c7322d3
  2fb92682-6599-42dc-ae13-bd2ca89bd11c version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-4d8b53e4afe68d4208 ncalrpc: LRPC-c825a357b18dffea89
  f47433c3-3e9d-4157-aad4-83aa1f5c2d4c version: v1.0 annotation: Fw APIs ncalrpc: LRPC-4d8b53e4afe68d4208 ncalrpc: LRPC-c825a357b18dffea89
  7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-4d8b53e4afe68d4208 ncalrpc: LRPC-c825a357b18dffea89
  dd490425-5325-4565-b774-7e27d6c09c24 version: v1.0 annotation: Base Firewall Engine API provider: BFE.DLL ncalrpc: LRPC-c825a357b18dffea89
  7f1343fe-50a9-4927-a778-0c5859517bac version: v1.0 annotation: DfsDs service ncacn_np: \\IZT2GMBE45ZL4DZ\PIPE\wkssvc ncalrpc: LRPC-488f7a0035b5cb98dc ncalrpc: DNSResolver
  eb081a0d-10ee-478a-a1dd-50995283e7a8 version: v3.0 annotation: Witness Client Test Interface ncalrpc: LRPC-488f7a0035b5cb98dc ncalrpc: DNSResolver
  f2c9b409-c1c9-4100-8639-d8ab1486694a version: v1.0 annotation: Witness Client Upcall Server ncalrpc: LRPC-488f7a0035b5cb98dc ncalrpc: DNSResolver
  76f03f96-cdfd-44fc-a22c-64950a001209 version: v1.0 protocol: [MS-PAR]: Print System Asynchronous Remote Protocol provider: spoolsv.exe ncacn_ip_tcp: 172.16.4.39:10003 ncalrpc: LRPC-8e224dd42cb98d4ea2
  4a452661-8290-4b36-8fbe-7f4093a94978 version: v1.0 provider: spoolsv.exe ncacn_ip_tcp: 172.16.4.39:10003 ncalrpc: LRPC-8e224dd42cb98d4ea2
  ae33069b-a2a8-46ee-a235-ddfd339be281 version: v1.0 protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncacn_ip_tcp: 172.16.4.39:10003 ncalrpc: LRPC-8e224dd42cb98d4ea2
  0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 version: v1.0 protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncacn_ip_tcp: 172.16.4.39:10003 ncalrpc: LRPC-8e224dd42cb98d4ea2
  12345678-1234-abcd-ef00-0123456789ab version: v1.0 protocol: [MS-RPRN]: Print System Remote Protocol provider: spoolsv.exe ncacn_ip_tcp: 172.16.4.39:10003 ncalrpc: LRPC-8e224dd42cb98d4ea2
  367abb81-9844-35f1-ad32-98f038001003 version: v2.0 protocol: [MS-SCMR]: Service Control Manager Remote Protocol provider: services.exe ncacn_ip_tcp: 172.16.4.39:10017
  6b5bdd1e-528c-422c-af8c-a4079be4fe48 version: v1.0 annotation: Remote Fw APIs protocol: [MS-FASP]: Firewall and Advanced Security Protocol provider: FwRemoteSvr.dll ncacn_ip_tcp: 172.16.4.39:10021
  12345778-1234-abcd-ef00-0123456789ac version: v1.0 protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol provider: samsrv.dll ncacn_ip_tcp: 172.16.4.39:10030 ncalrpc: samss lpc ncalrpc: SidKey Local End Point ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSA_EAS_ENDPOINT ncalrpc: lsacap ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncacn_np: \\IZT2GMBE45ZL4DZ\pipe\lsass
  906b0ce0-c70b-1067-b317-00dd010662da version: v1.0 protocol: [MS-CMPO]: MSDTC Connection Manager: provider: msdtcprx.dll ncalrpc: LRPC-c376f313ee41eca3ba ncalrpc: LRPC-c376f313ee41eca3ba ncalrpc: LRPC-c376f313ee41eca3ba
  12e65dd8-887f-41ef-91bf-8d816c42c2e7 version: v1.0 annotation: Secure Desktop LRPC interface provider: winlogon.exe ncalrpc: WMsgKRpc015567C2
-668558603 | 2024-04-15T03:05:51.1005303389 / tcp
Remote Desktop Protocol NTLM Info:
  OS: Windows 8.1/Windows Server 2012 R2
  OS Build: 6.3.9600
  Target Name: IZT2GMBE45ZL4DZ
  NetBIOS Domain Name: IZT2GMBE45ZL4DZ
  NetBIOS Computer Name: IZT2GMBE45ZL4DZ
  DNS Domain Name: iZt2gmbe45zl4dZ
  FQDN: iZt2gmbe45zl4dZ
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 36:bc:7e:5a:b9:c1:e2:86:43:96:93:d2:b4:ff:5e:8e
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: CN=iZt2gmbe45zl4dZ
    Validity
      Not Before: Jan 20 07:17:30 2024 GMT
      Not After : Jul 21 07:17:30 2024 GMT
    Subject: CN=iZt2gmbe45zl4dZ
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      Public-Key: (2048 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Extended Key Usage: TLS Web Server Authentication
      X509v3 Key Usage: Key Encipherment, Data Encipherment
  Signature Algorithm: sha256WithRSAEncryption