Cloud Provider | Tencent Cloud |
Country | China |
City | Shenzhen |
Organization | Tencent Cloud Computing (Beijing) Co., Ltd |
ISP | Shenzhen Tencent Computer Systems Company Limited |
ASN | AS45090 |
Operating System | Windows (build 6.1.7601) |
375970262 | 2024-09-05T08:29:56.888812135 / tcp
Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d version: v1.0 protocol: [MS-RSP]: Remote Shutdown Protocol provider: wininit.exe ncacn_ip_tcp: 172.16.0.11:49152 ncalrpc: WindowsShutdown ncacn_np: \\172_16_0_11\PIPE\InitShutdown ncalrpc: WMsgKRpc0465E0

76f226c3-ec14-4325-8a99-6a46348418af version: v1.0 provider: winlogon.exe ncalrpc: WindowsShutdown ncacn_np: \\172_16_0_11\PIPE\InitShutdown ncalrpc: WMsgKRpc0465E0 ncalrpc: WMsgKRpc046751 ncalrpc: WMsgKRpc028A6A2

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 version: v1.0 annotation: Impl friendly name provider: sysntfy.dll ncalrpc: LRPC-22bac898b4ccda14cd ncacn_np: \\172_16_0_11\PIPE\srvsvc ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2 ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2 ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2 ncalrpc: IUserProfile2

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 version: v1.0 annotation: DHCPv6 Client LRPC Endpoint provider: dhcpcsvc6.dll ncalrpc: dhcpcsvc6 ncalrpc: dhcpcsvc ncacn_ip_tcp: 172.16.0.11:49153 ncacn_np: \\172_16_0_11\pipe\eventlog ncalrpc: eventlog

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 version: v1.0 annotation: DHCP Client LRPC Endpoint provider: dhcpcsvc.dll ncalrpc: dhcpcsvc ncacn_ip_tcp: 172.16.0.11:49153 ncacn_np: \\172_16_0_11\pipe\eventlog ncalrpc: eventlog

30adc50c-5cbc-46ce-9a0e-91914789e23c version: v1.0 annotation: NRP server endpoint provider: nrpsrv.dll ncacn_ip_tcp: 172.16.0.11:49153 ncacn_np: \\172_16_0_11\pipe\eventlog ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c version: v1.0 annotation: Event log TCPIP protocol: [MS-EVEN6]: EventLog Remoting Protocol provider: wevtsvc.dll ncacn_ip_tcp: 172.16.0.11:49153 ncacn_np: \\172_16_0_11\pipe\eventlog ncalrpc: eventlog

30b044a5-a225-43f0-b3a4-e060df91f9c1 version: v1.0 provider: certprop.dll ncacn_np: \\172_16_0_11\PIPE\srvsvc ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a version: v1.0 annotation: XactSrv service provider: srvsvc.dll ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af version: v1.0 annotation: IP Transition Configuration endpoint provider: iphlpsvc.dll ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511 version: v1.0 annotation: IKE/Authip API provider: IKEEXT.DLL ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

86d35949-83c9-4044-b424-db363231fd0c version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: schedsvc.dll ncacn_ip_tcp: 172.16.0.11:49154 ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

378e52b0-c0a9-11cf-822d-00aa0051e40f version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

1ff70682-0a51-30e8-076d-740be8cee98b version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\172_16_0_11\PIPE\atsvc ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 version: v1.0 provider: schedsvc.dll ncalrpc: senssvc ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076 version: v1.0 provider: gpsvc.dll ncalrpc: OLE3804FC54872E4D529CE1B6D582B0 ncalrpc: IUserProfile2

3473dd4d-2e88-4006-9cba-22570909dd10 version: v5.256 annotation: WinHttp Auto-Proxy Service ncacn_np: \\172_16_0_11\PIPE\W32TIME_ALT ncalrpc: W32TIME_ALT ncalrpc: LRPC-958482ff235f9459c9 ncalrpc: OLEE572CB79DCD8402EB6F78DEFA52B

7ea70bcf-48af-4f6a-8968-6a440754d5fa version: v1.0 annotation: NSI server endpoint provider: nsisvc.dll ncalrpc: LRPC-958482ff235f9459c9 ncalrpc: OLEE572CB79DCD8402EB6F78DEFA52B

24019106-a203-4642-b88d-82dae9158929 version: v1.0 provider: authui.dll ncalrpc: LRPC-ec6a580e1657b34c66

2fb92682-6599-42dc-ae13-bd2ca89bd11c version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-6f0ee482299d9b8f8c

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-6f0ee482299d9b8f8c

dd490425-5325-4565-b774-7e27d6c09c24 version: v1.0 annotation: Base Firewall Engine API provider: BFE.DLL ncalrpc: LRPC-6f0ee482299d9b8f8c

7f1343fe-50a9-4927-a778-0c5859517bac version: v1.0 annotation: DfsDs service ncacn_np: \\172_16_0_11\PIPE\wkssvc ncalrpc: DNSResolver

4a452661-8290-4b36-8fbe-7f4093a94978 version: v1.0 annotation: Spooler function endpoint provider: spoolsv.exe ncalrpc: spoolss

ae33069b-a2a8-46ee-a235-ddfd339be281 version: v1.0 annotation: Spooler base remote object endpoint protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncalrpc: spoolss

0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 version: v1.0 annotation: Spooler function endpoint protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncalrpc: spoolss

12345678-1234-abcd-ef00-0123456789ab version: v1.0 annotation: IPSec Policy agent endpoint protocol: [MS-RPRN]: Print System Remote Protocol provider: spoolsv.exe ncalrpc: LRPC-56d000b6e57e995e53 ncacn_ip_tcp: 172.16.0.11:49156

6b5bdd1e-528c-422c-af8c-a4079be4fe48 version: v1.0 annotation: Remote Fw APIs protocol: [MS-FASP]: Firewall and Advanced Security Protocol provider: FwRemoteSvr.dll ncacn_ip_tcp: 172.16.0.11:49156

12345778-1234-abcd-ef00-0123456789ac version: v1.0 protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol provider: samsrv.dll ncacn_ip_tcp: 172.16.0.11:49170 ncalrpc: samss lpc ncalrpc: dsrole ncacn_np: \\172_16_0_11\PIPE\protected_storage ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncalrpc: LRPC-d97c88d3085577fe7a ncacn_np: \\172_16_0_11\pipe\lsass

367abb81-9844-35f1-ad32-98f038001003 version: v2.0 protocol: [MS-SCMR]: Service Control Manager Remote Protocol provider: services.exe ncacn_ip_tcp: 172.16.0.11:49185

12e65dd8-887f-41ef-91bf-8d816c42c2e7 version: v1.0 annotation: Secure Desktop LRPC interface provider: winlogon.exe ncalrpc: WMsgKRpc028A6A2

906b0ce0-c70b-1067-b317-00dd010662da version: v1.0 protocol: [MS-CMPO]: MSDTC Connection Manager: provider: msdtcprx.dll ncalrpc: LRPC-549280550550e1a216 ncalrpc: LRPC-549280550550e1a216 ncalrpc: LRPC-549280550550e1a216 ncalrpc: LRPC-549280550550e1a216
-734489489 | 2024-09-15T17:06:32.2462003389 / tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00

Remote Desktop Protocol NTLM Info:
  OS: Windows 7/Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: 172_16_0_11
  NetBIOS Domain Name: 172_16_0_11
  NetBIOS Computer Name: 172_16_0_11
  DNS Domain Name: 172_16_0_11
  FQDN: 172_16_0_11

Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 16:46:57:0b:8b:44:23:95:4c:c3:46:9e:57:bc:45:6a
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: CN=\x001\x007\x002\x00_\x001\x006\x00_\x000\x00_\x001\x001
    Validity
      Not Before: Apr 24 16:00:14 2024 GMT
      Not After : Oct 24 16:00:14 2024 GMT
    Subject: CN=\x001\x007\x002\x00_\x001\x006\x00_\x000\x00_\x001\x001
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      Public-Key: (2048 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Extended Key Usage: TLS Web Server Authentication
      X509v3 Key Usage: Key Encipherment, Data Encipherment
  Signature Algorithm: sha1WithRSAEncryption