-119375469 | 2024-03-21T14:33:57.092162
80 /
tcp
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 18 Nov 2023 12:56:07 GMT
Accept-Ranges: bytes
ETag: "829ab991e1ada1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2024 14:33:56 GMT
Content-Length: 689
1512987974 | 2024-04-04T13:51:59.834373
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 172.18.130.36:49152
ncalrpc: WindowsShutdown
ncacn_np: \\AAAAAAAAAA\PIPE\InitShutdown
ncalrpc: WMsgKRpc050E30
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\AAAAAAAAAA\PIPE\InitShutdown
ncalrpc: WMsgKRpc050E30
ncalrpc: WMsgKRpc051941
ncalrpc: WMsgKRpc0252522
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-50b940077a6ec2f96c
ncacn_np: \\AAAAAAAAAA\PIPE\srvsvc
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 172.18.130.36:49153
ncacn_np: \\AAAAAAAAAA\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 172.18.130.36:49153
ncacn_np: \\AAAAAAAAAA\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 172.18.130.36:49153
ncacn_np: \\AAAAAAAAAA\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 172.18.130.36:49153
ncacn_np: \\AAAAAAAAAA\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\AAAAAAAAAA\PIPE\srvsvc
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 172.18.130.36:49154
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\AAAAAAAAAA\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: OLEB5B9EFD682934C3D9EA4BB1FFCFF
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\AAAAAAAAAA\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-eb29890c1f805c2793
ncalrpc: OLEAC4BA07CFE754A45BAAB253BEE96
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-eb29890c1f805c2793
ncalrpc: OLEAC4BA07CFE754A45BAAB253BEE96
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-d3a5b03d81775f1ae0
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-a2f1a66a5867f54be0
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-a2f1a66a5867f54be0
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-a2f1a66a5867f54be0
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\AAAAAAAAAA\PIPE\wkssvc
ncalrpc: DNSResolver
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 172.18.130.36:49172
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-56b6cc69358c3e040c
ncacn_ip_tcp: 172.18.130.36:49174
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 172.18.130.36:49174
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager:
provider: msdtcprx.dll
ncalrpc: LRPC-e972491693048e3435
ncalrpc: OLE72F7EA1D981A4B988C1447D468E3
ncalrpc: LRPC-1b869b52bdba07f347
ncalrpc: LRPC-1b869b52bdba07f347
ncalrpc: LRPC-1b869b52bdba07f347
ncalrpc: LRPC-1b869b52bdba07f347
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 172.18.130.36:49180
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\AAAAAAAAAA\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-34c422235860fdf003
ncacn_np: \\AAAAAAAAAA\pipe\lsass
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc0252522
2074933174 | 2024-04-13T11:55:08.755605
445 /
tcp
SMB Status:
Authentication: enabled
SMB Version: 1
OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1
Software: Windows Server 2008 R2 Enterprise 6.1
Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode
1644528329 | 2024-04-17T21:49:33.054019
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: AAAAAAAAAA
NetBIOS Domain Name: AAAAAAAAAA
NetBIOS Computer Name: AAAAAAAAAA
DNS Domain Name: AAAAAAAAAA
FQDN: AAAAAAAAAA
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:f0:be:4b:56:7a:a7:b5:4b:5c:12:80:4d:9a:0e:00
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=AAAAAAAAAA
Validity
Not Before: Apr 16 14:53:17 2024 GMT
Not After : Oct 16 14:53:17 2024 GMT
Subject: CN=AAAAAAAAAA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:93:45:0e:7f:93:3e:86:56:c7:3a:36:34:91:44:
a1:ac:93:38:ed:f5:de:5c:16:df:68:e0:51:aa:20:
2d:f4:fd:26:f2:f4:e0:38:63:00:ac:7e:d4:b1:c7:
6e:54:7c:e0:c2:bd:53:24:91:bc:f2:14:20:ad:c3:
fc:4c:e9:8d:b1:6b:44:3d:19:e0:1a:43:c3:65:45:
84:f0:6b:46:15:9a:91:1d:8a:f4:15:f6:e5:38:6c:
23:fd:f1:06:83:30:4a:5a:a1:61:c8:c8:bd:9a:40:
c4:0e:2c:36:af:70:f4:16:bd:12:0d:65:08:05:16:
1b:5c:f7:73:dc:d5:43:8f:8b:83:1d:84:88:2c:36:
88:32:6d:b1:bd:73:6a:03:e7:4b:99:16:1e:d8:12:
b5:87:1d:69:90:3b:99:5f:5c:f5:f1:34:fd:1f:43:
18:07:50:3f:fd:2f:b9:70:59:8f:c7:f5:30:1a:09:
19:38:4b:08:07:c2:2e:9c:c6:c7:a6:de:c4:ac:d9:
8b:ed:5c:89:c0:1a:15:40:49:28:f8:b8:57:a8:50:
e8:99:1e:70:2a:5f:dd:8c:4e:b5:c8:07:db:01:7a:
0d:3f:51:9c:79:79:1e:6f:68:0a:48:e0:38:4e:c1:
f9:03:d2:bc:4a:ff:5b:bc:9e:90:b3:fc:2a:11:34:
21:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
58:37:6f:79:de:17:52:d3:3c:89:83:1b:a0:eb:d1:21:8a:42:
a1:0c:cd:47:22:29:cd:0e:40:d1:36:c6:23:7a:14:81:62:89:
ef:dd:cc:3d:7c:01:2a:13:f1:18:9f:45:c8:72:69:3d:6b:f8:
de:2f:eb:6d:b6:95:92:b3:3a:09:8c:b3:c3:f5:3b:4b:e9:cd:
af:35:9c:b3:05:29:f2:37:7e:17:05:8f:04:b7:d9:9f:46:4e:
d7:b9:7b:22:e4:7b:ea:a2:2c:7a:d4:90:7c:ca:54:75:c2:63:
14:9a:4a:48:0f:5e:1a:1d:7e:e0:5d:55:e9:e4:a8:30:a3:ef:
c3:99:8f:c9:ba:29:61:94:e7:8d:ef:53:cc:ab:f4:67:0c:d4:
4a:e8:50:71:bb:82:bf:f8:b2:a0:45:de:30:87:7d:41:1c:22:
c7:ed:75:54:43:b2:a8:bc:e1:59:d9:e9:cf:54:32:4d:12:eb:
d4:60:5f:d1:db:67:59:2e:93:56:a9:14:1d:6d:31:1c:bb:dd:
54:84:19:7a:c8:0e:39:f8:43:54:6b:65:6a:52:75:7a:a2:10:
d8:1b:85:60:68:b6:62:ec:f7:cf:59:36:d1:61:a6:3c:b9:79:
a8:14:b2:e5:3b:35:8b:07:64:f1:c3:f4:24:46:67:7f:5d:b6:
5b:58:6f:8a
