164556415 | 2024-05-11T09:04:12.875767
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 172.16.100.26:49152
ncalrpc: WindowsShutdown
ncacn_np: \\ECS-8140\PIPE\InitShutdown
ncalrpc: WMsgKRpc04B020
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\ECS-8140\PIPE\InitShutdown
ncalrpc: WMsgKRpc04B020
ncalrpc: WMsgKRpc022C892
ncalrpc: WMsgKRpc0443463
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-0303df9e661f8d1803
ncacn_np: \\ECS-8140\PIPE\srvsvc
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 172.16.100.26:49153
ncacn_np: \\ECS-8140\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 172.16.100.26:49153
ncacn_np: \\ECS-8140\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 172.16.100.26:49153
ncacn_np: \\ECS-8140\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 172.16.100.26:49153
ncacn_np: \\ECS-8140\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\ECS-8140\PIPE\srvsvc
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncalrpc: senssvc
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: OLE370BEEB985014BB8928F54D23B5E
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\ECS-8140\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-db75e9eab951041585
ncalrpc: OLEBD4C517AACF9454D82512FFCE315
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-db75e9eab951041585
ncalrpc: OLEBD4C517AACF9454D82512FFCE315
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-55412434612e2d3cbd
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-55412434612e2d3cbd
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-55412434612e2d3cbd
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\ECS-8140\PIPE\wkssvc
ncalrpc: DNSResolver
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-721fbaa0ab784fd07c
ncacn_ip_tcp: 172.16.100.26:49154
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 172.16.100.26:49154
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 172.16.100.26:49174
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\ECS-8140\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-4b8efcf22e7d6b367b
ncacn_np: \\ECS-8140\pipe\lsass
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc022C892
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 172.16.100.26:49201
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-76fe486945f0ded71d
ncalrpc: OLE132E1BD62A3741A4A75C6C6D433E
ncalrpc: LRPC-c6fb3e4ebcb3ac2561
ncalrpc: LRPC-c6fb3e4ebcb3ac2561
ncalrpc: LRPC-c6fb3e4ebcb3ac2561
ncalrpc: LRPC-c6fb3e4ebcb3ac2561
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-14ef57d47737414cff
1783930335 | 2024-04-24T16:50:48.444224
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: ECS-8140
NetBIOS Domain Name: ECS-8140
NetBIOS Computer Name: ECS-8140
DNS Domain Name: ecs-8140
FQDN: ecs-8140
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:95:07:e9:40:1a:b3:b8:48:2e:e5:41:80:24:f0:9a
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ecs-8140
Validity
Not Before: Jan 27 06:42:12 2024 GMT
Not After : Jul 28 06:42:12 2024 GMT
Subject: CN=ecs-8140
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:84:ad:5b:42:10:c9:97:31:a7:04:6a:66:50:
30:d0:44:7e:3e:67:3e:45:b8:99:d5:5a:4b:b5:b2:
54:d4:fb:3a:47:4c:39:3b:9b:9e:20:9f:2c:2d:8d:
7f:d4:ab:d4:66:9a:9f:67:31:c7:4b:b4:1b:75:27:
b3:ab:d2:48:aa:80:05:7d:3b:cd:8c:eb:bc:86:a8:
2a:1b:15:57:c1:1a:14:2d:22:ce:c8:90:3f:b2:bd:
8d:ef:84:b7:76:c8:68:97:31:2a:c2:88:58:ca:0e:
53:04:80:7f:00:8e:3e:c6:51:d8:f5:58:01:82:71:
f5:18:25:fe:e8:16:8d:60:87:25:6d:ce:85:a7:bc:
cb:ed:de:bc:61:bf:1d:0c:70:82:db:09:57:5b:cf:
ef:4e:5a:a9:f7:9c:58:28:60:47:cf:5c:0e:0a:c9:
8c:3c:9f:3e:09:67:d4:ad:30:b3:85:c3:33:66:6e:
83:53:35:77:49:dc:cc:86:a5:0f:98:df:6f:de:2b:
a0:df:a4:76:4a:e4:e1:54:ee:09:91:03:a4:4e:6a:
69:11:89:1b:f0:95:07:e9:31:44:6c:ab:97:a8:b0:
78:74:08:3e:55:7b:43:03:d9:1d:49:d6:12:46:3f:
ba:1b:b6:a5:3d:82:03:4a:0e:a6:d5:5e:c7:5d:6f:
4e:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
0d:80:48:3a:b9:01:dc:7f:da:68:55:f7:f2:71:55:ff:dd:95:
c1:c3:be:e8:bb:6d:42:8a:4d:74:03:76:79:15:2e:b2:ca:1f:
7c:ee:40:6b:ec:d0:df:f9:67:4b:21:1a:63:20:32:cc:68:ca:
9d:59:bd:3c:93:a1:60:ab:c2:4a:10:57:0c:dc:11:c7:6a:35:
8f:61:51:bd:d4:3c:48:29:c7:99:f4:1a:28:1e:d6:13:b8:6e:
1e:45:82:92:c5:ff:1e:e9:37:7e:57:04:df:98:5e:6f:a3:6a:
6c:a1:5d:37:6e:34:db:f3:2c:2d:9a:30:d8:fb:db:48:20:22:
e1:b0:59:22:5f:9b:c4:a9:b5:8e:4d:e7:74:94:1b:05:98:61:
b6:4e:ff:a2:cb:f9:83:c8:e3:79:c1:be:05:52:91:cb:cf:19:
4a:0b:60:fe:da:bf:05:9c:c3:06:b6:0e:59:10:54:38:a5:39:
8d:3e:cf:e9:78:76:0e:aa:0e:03:84:14:6c:cd:47:cb:ba:1a:
04:a1:ce:21:4e:df:44:6e:7e:46:6f:a2:4a:9c:35:3a:62:60:
1b:c3:55:ae:30:87:db:62:80:8a:3e:0e:a9:0f:76:a5:13:00:
e0:1f:6a:87:b1:d3:5c:33:74:36:8e:81:f3:a2:8b:50:4a:aa:
3e:ee:4a:56
1489525118 | 2024-05-13T01:51:29.347320
5986 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 13 May 2024 01:50:59 GMT
Connection: close
Content-Length: 315
WinRM NTLM Info:
OS: Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: ECS-8140
NetBIOS Domain Name: ECS-8140
NetBIOS Computer Name: ECS-8140
DNS Domain Name: ecs-8140
FQDN: ecs-8140
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:ec:64:c8:dd:0d:39:a5:46:d8:b3:a8:ff:ac:ca:50
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Cloudbase-Init WinRM
Validity
Not Before: Nov 4 14:00:51 2019 GMT
Not After : Nov 2 14:00:51 2029 GMT
Subject: CN=Cloudbase-Init WinRM
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:15:aa:af:54:e4:a7:fa:88:e5:e2:ff:cb:47:
95:ab:5a:a0:d3:1d:e2:37:68:ba:7f:95:41:83:eb:
88:74:e7:e7:3a:0e:f2:50:15:6d:93:c8:b1:41:5d:
6b:66:65:c3:c9:5b:26:b4:1b:a3:7d:28:26:db:f5:
64:8e:22:19:be:33:00:49:aa:2b:bb:8c:36:fb:b9:
8b:58:89:70:05:96:c5:5e:1a:99:aa:fc:b9:16:33:
fc:81:b2:06:f7:52:f8:a7:40:36:3a:e1:60:a2:fe:
41:a0:b0:b0:29:5d:3c:de:f2:4a:2b:db:01:40:e5:
f4:64:f3:07:49:10:bf:1e:6e:9a:b3:68:6b:0d:65:
69:2f:1a:91:36:43:a1:48:94:9e:a9:2d:eb:3d:f5:
91:d3:63:5c:55:66:6e:00:4f:5e:ef:4b:9e:17:6b:
e6:6c:9c:48:aa:b6:c2:7f:21:92:fc:80:8c:b5:59:
c1:2c:11:76:9a:40:81:1d:c7:63:b4:e7:97:c0:f2:
86:8e:8a:f6:c7:a3:2e:80:cd:29:19:b0:18:ee:f9:
17:47:55:21:80:c6:58:e8:60:44:9c:a3:13:6a:55:
d2:af:ac:42:07:c1:f3:4e:6b:05:be:9f:72:5a:54:
9b:ef:73:86:8b:a2:07:5d:cf:7f:59:29:fa:e6:da:
eb:ab
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
87:fa:71:70:ee:45:0a:e1:c7:cf:70:c9:af:0e:41:ce:52:57:
f1:e8:d5:9f:1b:de:60:fc:ea:23:cd:32:20:d4:9c:84:90:2b:
26:c3:fa:ad:eb:86:4e:21:cc:cd:01:4a:b1:74:de:7e:71:2d:
eb:b4:f7:e6:93:10:b8:41:90:09:f7:c1:68:da:d7:00:bb:3e:
4d:ee:5d:51:0d:53:7c:58:e7:d4:b0:bf:c0:78:a9:9f:6a:d6:
94:09:73:08:48:23:1b:50:07:06:32:f3:68:20:06:d8:a5:81:
e5:25:c7:bb:14:ff:b8:33:9d:4c:e8:1b:59:88:c6:ad:f4:ac:
2d:1e:1f:ec:d5:91:97:22:8d:2f:b8:09:fc:e9:c5:8f:08:54:
3f:e6:c3:2a:42:6e:44:63:bf:cb:45:e4:a7:a5:5a:99:76:ae:
6e:8f:c0:d3:a1:2c:d4:c9:7f:43:ea:64:43:49:30:c4:cf:d1:
79:c7:ff:38:e1:23:e3:cf:91:bd:eb:84:0f:01:2e:d9:d7:21:
53:c9:81:45:3a:7e:c5:a1:bc:d8:d1:ad:73:fd:c6:4f:46:00:
fe:f3:74:31:45:6e:dc:f9:e3:07:38:2e:ec:d0:59:66:37:90:
79:12:e1:97:ad:39:d3:e9:a1:8c:4c:57:c8:bb:7f:26:66:cb:
73:ff:35:08