-200537782 | 2024-12-31T12:32:18.020117
135 /
tcp
Microsoft RPC Endpoint Mapper
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 10.1.1.137:49155
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\SERVER\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-f69d3fbb391594fdc0
ncacn_np: \\SERVER\pipe\lsass
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\SERVER\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-f69d3fbb391594fdc0
ncacn_np: \\SERVER\pipe\lsass
ncalrpc: LRPC-94c84e5ac985b0b2e6
ncalrpc: LRPC-7ec09ea84738f0f102
ncacn_np: \\SERVER\PIPE\srvsvc
ncalrpc: SECLOGON
ncacn_ip_tcp: 10.1.1.137:49154
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 10.1.1.137:49152
ncalrpc: WindowsShutdown
ncacn_np: \\SERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc08AB10
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\SERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc08AB10
ncalrpc: WMsgKRpc08EFF1
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 10.1.1.137:49153
ncacn_np: \\SERVER\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 10.1.1.137:49153
ncacn_np: \\SERVER\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 10.1.1.137:49153
ncacn_np: \\SERVER\pipe\eventlog
ncalrpc: eventlog
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: LRPC-7ec09ea84738f0f102
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\SERVER\PIPE\srvsvc
ncalrpc: SECLOGON
ncacn_ip_tcp: 10.1.1.137:49154
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 10.1.1.137:49154
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 10.1.1.137:49154
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\SERVER\PIPE\atsvc
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: OLE68157BA0AD5E4075B4CF62F686F1
ncalrpc: senssvc
ncalrpc: IUserProfile2
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-bdf20bf7d55b7e897a
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\SERVER\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncacn_np: \\SERVER\PIPE\wkssvc
ncalrpc: LRPC-31e2ca33c820a9b55f
ncalrpc: OLE43A498C7ECAD45E68333C8F6C1A3
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-31e2ca33c820a9b55f
ncalrpc: OLE43A498C7ECAD45E68333C8F6C1A3
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-6b7caa00ed83e2ee4a
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-6b7caa00ed83e2ee4a
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-6b7caa00ed83e2ee4a
76f03f96-cdfd-44fc-a22c-64950a001209
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 10.1.1.137:49170
ncacn_np: \\SERVER\pipe\spoolss
ncalrpc: OLE3E8D697D024245A88DAD4025AD2B
ncalrpc: spoolss
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 10.1.1.137:49170
ncacn_np: \\SERVER\pipe\spoolss
ncalrpc: OLE3E8D697D024245A88DAD4025AD2B
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 10.1.1.137:49170
ncacn_np: \\SERVER\pipe\spoolss
ncalrpc: OLE3E8D697D024245A88DAD4025AD2B
ncalrpc: spoolss
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-8cf5fd609e8cda1b60
ncacn_ip_tcp: 10.1.1.137:49157
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 10.1.1.137:49157
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 10.1.1.137:49169
2f5f6521-cb55-1059-b446-00df0bce31db
version: v1.0
annotation: Unimodem LRPC Endpoint
ncalrpc: unimdmsvc
ncalrpc: tapsrvlpc
ncacn_np: \\SERVER\pipe\tapsrv
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-e3ac9eff51011e68aa
ncalrpc: LRPC-e3ac9eff51011e68aa
ncalrpc: LRPC-e3ac9eff51011e68aa
ncalrpc: LRPC-e3ac9eff51011e68aa
-1329988910 | 2024-12-21T23:53:24.602409
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x00\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows Vista/Windows Server 2008
OS Build: 6.0.6003
Target Name: SERVER
NetBIOS Domain Name: SERVER
NetBIOS Computer Name: SERVER
DNS Domain Name: SERVER
FQDN: SERVER
Encrypted by BlackBit
All your files have been encrypted due to a security problem with your computer
If you want to restore them, write us to the e-mail: SuppBlackbitgmail.com
Write this ID in the title of your message: 547427F7
In case of no answer in 24 hours write us to this e-maik SuppBlackBitprotonmail.com
BD Windows Server2008
Enterprise
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:b1:f7:f9:19:e8:62:bc:4b:b6:d6:d7:6e:91:a6:72
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=SERVER
Validity
Not Before: Aug 26 05:55:48 2024 GMT
Not After : Feb 25 05:55:48 2025 GMT
Subject: CN=SERVER
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:35:d9:2f:18:44:1b:ca:5f:21:76:59:d0:5d:
e6:bf:2f:e8:e4:90:76:6f:4d:63:ed:4f:c3:eb:62:
5b:1b:0c:9a:b4:bb:6b:1d:1f:f8:59:03:7b:56:a0:
9d:d2:b3:e2:10:9b:a9:6d:5c:07:e0:4d:81:7d:fa:
a3:ba:1a:91:dc:6b:9b:ea:e6:94:31:3b:21:58:80:
1d:f6:d4:e9:00:26:a1:7f:9b:a4:4e:87:1e:19:8d:
e9:f9:ac:1f:da:e9:34:a4:ee:63:f8:e7:9a:c2:ce:
72:1b:09:45:d9:6d:6f:e0:95:eb:1f:44:cd:e4:90:
6a:2b:11:cc:b0:f5:82:80:b4:f1:78:9a:5d:75:da:
79:2f:f0:f7:0d:69:ed:2d:81:d8:3d:c2:68:76:bf:
e6:0a:5d:5f:02:e4:e3:bc:95:e0:34:ed:a3:0d:8f:
16:45:ae:d1:18:86:89:7d:68:47:7d:c0:c2:38:5d:
b8:22:4a:7c:f8:93:85:51:42:6a:95:55:ba:29:1a:
68:d7:90:9f:2b:59:d2:56:6c:ac:55:72:0c:ad:32:
07:dd:ef:e2:7a:c2:35:a6:7f:c8:7f:53:4b:49:98:
d1:06:65:9b:08:cd:d0:11:ef:43:f7:17:47:3d:44:
52:bc:1f:b9:18:f6:3c:e3:9b:55:17:a6:27:9c:3b:
df:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
87:69:6f:5b:18:6e:e0:e2:82:74:81:04:da:80:92:bf:9d:8a:
5b:f3:3c:06:45:cc:2f:b1:cd:43:39:ad:f8:91:ec:5f:0c:1f:
e4:5f:da:7f:1d:c0:16:19:bd:b0:20:71:0d:aa:f0:35:1d:48:
5f:3f:11:7e:b3:d0:ef:1a:60:43:09:cb:78:32:ab:d3:4f:6d:
bd:18:48:38:75:14:c8:4c:8b:ff:ea:d8:b8:78:11:c3:7e:c7:
7b:f3:dd:32:74:83:25:c3:5f:78:47:a4:a1:8f:6c:71:bd:d8:
a2:49:31:d9:83:2a:4b:bf:33:0d:4f:2e:3c:d7:e5:72:9f:31:
2b:9b:04:13:a1:5e:4a:ef:23:e9:8e:11:55:cd:23:19:ca:eb:
e9:fe:c1:8a:1c:8f:4b:15:ce:3d:f3:b4:3a:21:0e:8e:17:b0:
6b:b3:42:d1:64:d7:20:15:88:9d:3a:5f:d7:4c:18:d7:85:e2:
95:b2:dd:50:33:69:1b:b8:70:07:79:13:f7:8b:7f:3b:fc:71:
90:c1:70:5c:13:3b:51:4c:0f:65:9a:89:42:8c:35:e3:2f:10:
c4:1a:32:fc:86:e5:e6:b7:e8:fa:5b:d9:aa:b0:4a:5d:18:a1:
20:9a:7b:b0:da:ca:7c:57:d5:0e:de:8b:b5:99:3c:4d:c9:33:
77:fa:8d:bd
-1684583448 | 2024-12-30T11:38:33.875681
5357 /
tcp
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 30 Dec 2024 11:38:33 GMT
Connection: close
Content-Length: 326