-779942131 | 2024-11-07T19:24:00.473944
135 /
tcp
Microsoft RPC Endpoint Mapper
51a227ae-825b-41f2-b4a9-1ac9557a1018
version: v1.0
annotation: Ngc Pop Key Service
ncacn_ip_tcp: 209.145.50.29:49664
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: LSA_IDPEXT_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\VMI1441939\pipe\lsass
8fb74744-b2ff-4c00-be0d-9ef9a191fe1b
version: v1.0
annotation: Ngc Pop Key Service
ncacn_ip_tcp: 209.145.50.29:49664
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: LSA_IDPEXT_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\VMI1441939\pipe\lsass
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86
version: v2.0
annotation: KeyIso
ncacn_ip_tcp: 209.145.50.29:49664
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: LSA_IDPEXT_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\VMI1441939\pipe\lsass
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 209.145.50.29:49664
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: LSA_IDPEXT_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\VMI1441939\pipe\lsass
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 209.145.50.29:49665
ncalrpc: WindowsShutdown
ncacn_np: \\VMI1441939\PIPE\InitShutdown
ncalrpc: WMsgKRpc054000
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\VMI1441939\PIPE\InitShutdown
ncalrpc: WMsgKRpc054000
ncalrpc: WMsgKRpc0564A1
ncalrpc: WMsgKRpc04292D2
fc48cd89-98d6-4628-9839-86f7a3e4161a
version: v1.0
ncalrpc: dabrpc
ncalrpc: csebpub
ncalrpc: LRPC-32357c6976afb84b62
ncalrpc: LRPC-43f9337cebc79fee81
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
d09bdeb5-6171-4a34-bfe2-06fa82652568
version: v1.0
ncalrpc: csebpub
ncalrpc: LRPC-32357c6976afb84b62
ncalrpc: LRPC-43f9337cebc79fee81
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
ncalrpc: LRPC-43f9337cebc79fee81
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
ncalrpc: LRPC-cea6918d20e73170e0
ncalrpc: LRPC-d3bf5069642a8b6beb
697dcda9-3ba9-4eb2-9247-e11f1901b0d2
version: v1.0
ncalrpc: LRPC-32357c6976afb84b62
ncalrpc: LRPC-43f9337cebc79fee81
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
9b008953-f195-4bf9-bde0-4471971e58ed
version: v1.0
ncalrpc: LRPC-43f9337cebc79fee81
ncalrpc: LRPC-cdebaa712944ede9d8
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
0d47017b-b33b-46ad-9e18-fe96456c5078
version: v1.0
ncalrpc: umpo
95406f0b-b239-4318-91bb-cea3a46ff0dc
version: v1.0
ncalrpc: umpo
4ed8abcc-f1e2-438b-981f-bb0e8abc010c
version: v1.0
ncalrpc: umpo
0ff1f646-13bb-400a-ab50-9a78f2b7a85a
version: v1.0
ncalrpc: umpo
6982a06e-5fe2-46b1-b39c-a2c545bfa069
version: v1.0
ncalrpc: umpo
082a3471-31b6-422a-b931-a54401960c62
version: v1.0
ncalrpc: umpo
fae436b0-b864-4a87-9eda-298547cd82f2
version: v1.0
ncalrpc: umpo
e53d94ca-7464-4839-b044-09a2fb8b3ae5
version: v1.0
ncalrpc: umpo
178d84be-9291-4994-82c6-3f909aca5a03
version: v1.0
ncalrpc: umpo
4dace966-a243-4450-ae3f-9b7bcb5315b8
version: v2.0
ncalrpc: umpo
1832bcf6-cab8-41d4-85d2-c9410764f75a
version: v1.0
ncalrpc: umpo
c521facf-09a9-42c5-b155-72388595cbf0
version: v0.0
ncalrpc: umpo
2c7fd9ce-e706-4b40-b412-953107ef9bb0
version: v0.0
ncalrpc: umpo
88abcbc3-34ea-76ae-8215-767520655a23
version: v0.0
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
76c217bc-c8b4-4201-a745-373ad9032b1a
version: v1.0
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
55e6b932-1979-45d6-90c5-7f6270724112
version: v1.0
ncalrpc: LRPC-5a29ec29187a1a84b3
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
857fb1be-084f-4fb5-b59c-4b2c4be5f0cf
version: v1.0
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
20c40295-8dba-48e6-aebf-3e78ef3bb144
version: v2.0
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
2513bcbe-6cd4-4348-855e-7efb3c336dd3
version: v2.0
ncalrpc: OLEB1995167639D3430FC38057BE9F2
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e
version: v1.0
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
c605f9fb-f0a3-4e2a-a073-73560f8d9e3e
version: v1.0
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0
version: v1.0
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
8bfc3be1-6def-4e2d-af74-7c47cd0ade4a
version: v1.0
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
2d98a740-581d-41b9-aa0d-a88b9d5ce938
version: v1.0
ncalrpc: LRPC-fe72a283a854876f08
ncalrpc: actkernel
ncalrpc: umpo
dd59071b-3215-4c59-8481-972edadc0f6a
version: v1.0
ncalrpc: actkernel
ncalrpc: umpo
0361ae94-0316-4c6c-8ad8-c594375800e2
version: v1.0
ncalrpc: umpo
5824833b-3c1a-4ad2-bdfd-c31d19e23ed2
version: v1.0
ncalrpc: umpo
bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760
version: v1.0
ncalrpc: umpo
3b338d89-6cfa-44b8-847e-531531bc9992
version: v1.0
ncalrpc: umpo
8782d3b9-ebbd-4644-a3d8-e8725381919b
version: v1.0
ncalrpc: umpo
085b0334-e454-4d91-9b8c-4134f9e793f3
version: v1.0
ncalrpc: umpo
4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9
version: v1.0
ncalrpc: umpo
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-ea1c2146ef568c2a4b
ncalrpc: LRPC-9fcb1d494d26b23807
ncalrpc: IUserProfile2
ncalrpc: LRPC-e98575bf227c1662a2
ncalrpc: senssvc
ncalrpc: LRPC-90486a6456e0c26e06
e40f7b57-7a25-4cd3-a135-7f7d3df9d16b
version: v1.0
ncalrpc: LRPC-c45987fd81ec7c1a1d
880fd55e-43b9-11e0-b1a8-cf4edfd72085
version: v1.0
annotation: KAPI Service endpoint
ncalrpc: LRPC-50fff73bb1947e40f0
ncalrpc: OLE1DE2FA2DFAF860389BDE62BBCF87
ncalrpc: LRPC-cea6918d20e73170e0
5222821f-d5e2-4885-84f1-5f6185a0ec41
version: v1.0
ncalrpc: LRPC-ed88a00e176e96f6e6
a500d4c6-0dd1-4543-bc0c-d5f93486eaf8
version: v1.0
ncalrpc: LRPC-65aa0f2587eaf35deb
ncalrpc: LRPC-d3bf5069642a8b6beb
f3f09ffd-fbcf-4291-944d-70ad6e0e73bb
version: v1.0
ncalrpc: LRPC-e3ff58fade5d228ac0
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 209.145.50.29:49666
ncacn_np: \\VMI1441939\pipe\eventlog
ncalrpc: eventlog
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-c79f2dca4afdad68cf
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
annotation: Group Policy RPC Interface
provider: gpsvc.dll
ncalrpc: LRPC-b0a83097f638143a5c
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
3a9ef155-691d-4449-8d05-09ad57031823
version: v1.0
ncacn_ip_tcp: 209.145.50.29:49667
ncalrpc: LRPC-020e5c8ed2e4505c6c
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\VMI1441939\PIPE\atsvc
ncalrpc: LRPC-52282ac9ceb6ff1efc
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 209.145.50.29:49667
ncalrpc: LRPC-020e5c8ed2e4505c6c
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\VMI1441939\PIPE\atsvc
ncalrpc: LRPC-52282ac9ceb6ff1efc
33d84484-3626-47ee-8c6f-e7e98b113be1
version: v2.0
ncalrpc: LRPC-020e5c8ed2e4505c6c
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\VMI1441939\PIPE\atsvc
ncalrpc: LRPC-52282ac9ceb6ff1efc
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\VMI1441939\PIPE\atsvc
ncalrpc: LRPC-52282ac9ceb6ff1efc
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\VMI1441939\PIPE\atsvc
ncalrpc: LRPC-52282ac9ceb6ff1efc
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: LRPC-52282ac9ceb6ff1efc
3f787932-3452-4363-8651-6ea97bb373bb
version: v1.0
annotation: NSP Rpc Interface
ncalrpc: LRPC-c771b75ac64c378805
ncalrpc: OLE5B49538C88392F7A4B3935F8981C
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncalrpc: LRPC-cef0c6148eb21e5fea
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncalrpc: LRPC-0faf1810ce78eb4600
ncalrpc: DNSResolver
0d3c7f20-1c8d-4654-a1b3-51563b298bda
version: v1.0
annotation: UserMgrCli
ncalrpc: LRPC-bf478037a2f4e0cd43
ncalrpc: OLEB8E035CD8D003F1BE05DD022228B
b18fbab6-56f8-4702-84e0-41053293a869
version: v1.0
annotation: UserMgrCli
ncalrpc: LRPC-bf478037a2f4e0cd43
ncalrpc: OLEB8E035CD8D003F1BE05DD022228B
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncalrpc: 5897def1-de82-4d40-920b-8982d77b544f
ncalrpc: LRPC-f817e8bf7b7f05945b
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\VMI1441939\PIPE\wkssvc
ncalrpc: LRPC-49cfcc5a6f7ec61b1a
eb081a0d-10ee-478a-a1dd-50995283e7a8
version: v3.0
annotation: Witness Client Test Interface
ncalrpc: LRPC-49cfcc5a6f7ec61b1a
f2c9b409-c1c9-4100-8639-d8ab1486694a
version: v1.0
annotation: Witness Client Upcall Server
ncalrpc: LRPC-49cfcc5a6f7ec61b1a
13560fa9-8c09-4b56-a1fd-04d083b9b2a1
version: v1.0
ncalrpc: LRPC-7a26c8f7b033d3b2fd
ncalrpc: OLED03910FCE7EEBB96788DC62CE3B4
c2d1b5dd-fa81-4460-9dd6-e7658b85454b
version: v1.0
ncalrpc: LRPC-7a26c8f7b033d3b2fd
ncalrpc: OLED03910FCE7EEBB96788DC62CE3B4
f44e62af-dab1-44c2-8013-049a9de417d6
version: v1.0
ncalrpc: LRPC-7a26c8f7b033d3b2fd
ncalrpc: OLED03910FCE7EEBB96788DC62CE3B4
b37f900a-eae4-4304-a2ab-12bb668c0188
version: v1.0
ncalrpc: LRPC-7a26c8f7b033d3b2fd
ncalrpc: OLED03910FCE7EEBB96788DC62CE3B4
abfb6ca3-0c5e-4734-9285-0aee72fe8d1c
version: v1.0
ncalrpc: LRPC-7a26c8f7b033d3b2fd
ncalrpc: OLED03910FCE7EEBB96788DC62CE3B4
509bc7ae-77be-4ee8-b07c-0d096bb44345
version: v1.0
ncalrpc: LRPC-9e20d8b3cd5cac8fa5
ncalrpc: OLE579CD4F5CF430625DC15E6663A5D
29770a8f-829b-4158-90a2-78cd488501f7
version: v1.0
ncacn_ip_tcp: 209.145.50.29:49670
ncacn_np: \\VMI1441939\pipe\SessEnvPublicRpc
ncalrpc: SessEnvPrivateRpc
ncalrpc: LRPC-90486a6456e0c26e06
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-a32602e407dc821255
ncalrpc: LRPC-51d0b7d9dac5eb25df
ncalrpc: LRPC-91825471a258ed90a5
ncalrpc: LRPC-1d80a1b6bf9e93520f
f47433c3-3e9d-4157-aad4-83aa1f5c2d4c
version: v1.0
annotation: Fw APIs
ncalrpc: LRPC-51d0b7d9dac5eb25df
ncalrpc: LRPC-91825471a258ed90a5
ncalrpc: LRPC-1d80a1b6bf9e93520f
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-91825471a258ed90a5
ncalrpc: LRPC-1d80a1b6bf9e93520f
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-1d80a1b6bf9e93520f
76f03f96-cdfd-44fc-a22c-64950a001209
version: v1.0
protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 209.145.50.29:49671
ncalrpc: LRPC-4bfed42f43603f8024
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
provider: spoolsv.exe
ncacn_ip_tcp: 209.145.50.29:49671
ncalrpc: LRPC-4bfed42f43603f8024
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 209.145.50.29:49671
ncalrpc: LRPC-4bfed42f43603f8024
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 209.145.50.29:49671
ncalrpc: LRPC-4bfed42f43603f8024
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 209.145.50.29:49671
ncalrpc: LRPC-4bfed42f43603f8024
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncalrpc: LRPC-ed6a76d3b69f99617c
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 209.145.50.29:49672
98cd761e-e77d-41c8-a3c0-0fb756d90ec2
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
d22895ef-aff4-42c5-a5b2-b14466d34ab4
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
e38f5360-8572-473e-b696-1b46873beeab
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
95095ec8-32ea-4eb0-a3e2-041f97b36168
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
4c9dbf19-d39e-4bb9-90ee-8f7179b20283
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
d4051bde-9cdd-4910-b393-4aa85ec3c482
version: v1.0
ncalrpc: LRPC-914f076675303074da
ncalrpc: OLE6C531547221B9CF30FEDEE7E6BA5
b58aa02e-2884-4e97-8176-4ee06d794184
version: v1.0
provider: sysmain.dll
ncalrpc: LRPC-da360c565e2d5fbe7a
c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1
version: v1.0
annotation: Adh APIs
ncalrpc: OLEB331166EF25211445B6621C170CF
ncalrpc: TeredoControl
ncalrpc: TeredoDiagnostics
ncalrpc: LRPC-ed01b6979ddc7dd028
c36be077-e14b-4fe9-8abc-e856ef4f048b
version: v1.0
annotation: Proxy Manager client server endpoint
ncalrpc: TeredoControl
ncalrpc: TeredoDiagnostics
ncalrpc: LRPC-ed01b6979ddc7dd028
2e6035b2-e8f1-41a7-a044-656b439c4c34
version: v1.0
annotation: Proxy Manager provider server endpoint
ncalrpc: TeredoControl
ncalrpc: TeredoDiagnostics
ncalrpc: LRPC-ed01b6979ddc7dd028
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncalrpc: LRPC-ed01b6979ddc7dd028
7df1ceae-de4e-4e6f-ab14-49636e7c2052
version: v1.0
ncalrpc: LRPC-c5407c809b0062c298
1a0d010f-1c33-432c-b0f5-8cf4e8053099
version: v1.0
annotation: IdSegSrv service
ncalrpc: LRPC-2f7e061fbc4d59a36f
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncalrpc: LRPC-2f7e061fbc4d59a36f
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 209.145.50.29:49674
650a7e26-eab8-5533-ce43-9c1dfce11511
version: v1.0
annotation: Vpn APIs
ncalrpc: LRPC-fdc1c41d053ecc77a3
ncalrpc: VpnikeRpc
ncalrpc: RasmanLrpc
ncacn_np: \\VMI1441939\PIPE\ROUTER
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc04292D2
b1ef227e-dfa5-421e-82bb-67a6a129c496
version: v0.0
ncalrpc: LRPC-e206bfc6ebc88faabd
ncalrpc: OLE86BAD6AE7BF410D2BB538A556319
0fc77b1a-95d8-4a2e-a0c0-cff54237462b
version: v0.0
ncalrpc: LRPC-e206bfc6ebc88faabd
ncalrpc: OLE86BAD6AE7BF410D2BB538A556319
8ec21e98-b5ce-4916-a3d6-449fa428a007
version: v0.0
ncalrpc: LRPC-e206bfc6ebc88faabd
ncalrpc: OLE86BAD6AE7BF410D2BB538A556319
0767a036-0d22-48aa-ba69-b619480f38cb
version: v1.0
annotation: PcaSvc
provider: pcasvc.dll
ncalrpc: LRPC-4cc7c428fb5032f6e9
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-feb4b85d6b5680ee4b
ncalrpc: LRPC-feb4b85d6b5680ee4b
ncalrpc: LRPC-feb4b85d6b5680ee4b
d249bd56-4cc0-4fd3-8ce6-6fe050d590cb
version: v0.0
ncalrpc: LRPC-116f4c73d991100f74
d8140e00-5c46-4ae6-80ac-2f9a76df224c
version: v0.0
ncalrpc: LRPC-116f4c73d991100f74
c503f532-443a-4c69-8300-ccd1fbdb3839
version: v2.0
ncalrpc: LRPC-8e1d481319b54fddf3
ncalrpc: OLE3F3B34071F4D6C75C3F3F814F179
58e604e8-9adb-4d2e-a464-3b0683fb1480
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncalrpc: LRPC-fb9c401429c0b22c74
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncalrpc: LRPC-fb9c401429c0b22c74
5f54ce7d-5b79-4175-8584-cb65313a0e98
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncalrpc: LRPC-fb9c401429c0b22c74
201ef99a-7fa0-444c-9399-19ba84f12a1a
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncalrpc: LRPC-fb9c401429c0b22c74
0497b57d-2e66-424f-a0c6-157cd5d41700
version: v1.0
annotation: AppInfo
ncalrpc: LRPC-fb9c401429c0b22c74
a4b8d482-80ce-40d6-934d-b22a01a44fe7
version: v1.0
annotation: LicenseManager
ncalrpc: LicenseServiceEndpoint
bf4dc912-e52f-4904-8ebe-9317c1bdd497
version: v1.0
ncalrpc: LRPC-c9cae6d16f394b4e8f
ncalrpc: OLE9BB355C1780ECCFF5332C26543C5
-757264002 | 2024-10-25T12:22:03.660527
139 /
tcp
-1166656618 | 2024-11-15T11:02:35.493546
445 /
tcp
SMB Status:
Authentication: enabled
SMB Version: 2
Capabilities: raw-mode
229463774 | 2024-11-03T12:11:21.743822
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows Server 2022
OS Build: 10.0.20348
Target Name: VMI1441939
NetBIOS Domain Name: VMI1441939
NetBIOS Computer Name: VMI1441939
DNS Domain Name: vmi1441939
FQDN: vmi1441939
; Administrator
SES
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:84:4d:6f:59:48:cb:b7:4d:3d:8d:f2:db:ab:a0:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=vmi1441939
Validity
Not Before: Jun 25 06:20:09 2024 GMT
Not After : Dec 25 06:20:09 2024 GMT
Subject: CN=vmi1441939
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:f9:92:c8:41:28:d5:f4:d6:80:48:b0:5c:55:
29:04:42:c5:52:7e:d1:99:90:73:ba:45:36:a2:ad:
0c:95:23:9c:ed:9c:67:0f:95:57:48:b0:6e:9a:11:
69:40:7a:ea:32:d5:12:b1:86:91:6b:60:09:9f:69:
12:3f:98:20:11:45:c2:4b:58:fe:70:09:5b:eb:58:
e6:53:89:53:36:5f:ce:47:ea:0f:3f:bd:9d:82:d3:
a4:17:56:19:f1:44:ea:8b:22:2b:6e:61:b6:e4:af:
79:f0:58:d8:4d:d3:57:e1:7a:84:56:7b:e3:1b:f6:
f2:93:10:44:19:26:10:a3:12:a2:d5:dc:39:2a:07:
53:8e:10:e9:1a:57:84:0a:7c:87:56:3d:78:8e:1d:
fd:1e:c9:37:73:5e:8e:56:d0:a6:9b:79:20:ce:f6:
be:1c:58:cb:21:ac:e6:dd:3a:f7:89:3e:2b:83:25:
db:df:9f:de:3b:2a:1a:85:d9:e4:7b:be:59:8d:b9:
d4:cd:fb:9d:1f:c9:08:f7:95:19:37:49:12:db:07:
6f:2e:df:b3:02:f1:05:d3:33:2b:ce:4f:cc:4d:75:
e6:cf:d2:e9:3e:66:72:e2:37:52:c1:d0:03:f3:7f:
b5:56:21:2e:d0:b3:c1:11:d5:b9:11:2a:91:89:57:
64:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
6a:ee:71:4a:1b:01:d4:f4:25:80:de:b8:0b:8f:e0:b2:98:91:
a2:c3:e2:17:73:c3:1e:90:32:cd:5e:f8:ce:51:8b:a0:a9:c4:
82:b3:6c:66:5e:98:94:2b:78:e9:60:81:bb:9b:b8:d6:2d:97:
1f:a8:32:86:b0:be:8e:ba:64:48:18:46:e8:bb:cf:1c:d6:be:
7b:c4:e9:4a:54:9d:88:76:17:7c:9e:74:dc:3d:f0:f9:43:5e:
c1:e9:0b:53:a5:6d:04:b0:73:b4:53:45:0b:2a:7f:49:87:5a:
c0:aa:8d:d4:94:c9:a1:7a:8d:65:6e:76:69:af:c8:59:c1:65:
54:fa:5a:59:d8:27:70:85:d0:71:88:f9:00:6e:3e:3c:b4:8d:
1f:1d:34:14:7a:ad:4f:0b:35:6e:c3:0f:ec:a8:69:29:f8:98:
54:ef:64:fb:0e:4a:43:56:e5:16:af:f0:50:65:cc:01:df:63:
09:a3:25:9c:81:4d:3b:f5:5e:57:c0:d7:b4:9e:99:c1:c0:fc:
4d:35:39:49:1b:d9:6a:cb:78:9e:92:e0:9c:30:21:80:94:24:
3f:72:d5:01:0a:af:92:ee:6e:2b:ac:0d:67:b3:87:92:8c:49:
0a:b4:01:25:24:d6:51:74:e7:94:88:f4:dd:82:ec:0a:fd:64:
24:f9:6b:b5
1489525118 | 2024-11-13T00:10:36.929325
5985 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 13 Nov 2024 00:10:36 GMT
Connection: close
Content-Length: 315
WinRM NTLM Info:
OS: Windows Server 2022
OS Build: 10.0.20348
Target Name: VMI1441939
NetBIOS Domain Name: VMI1441939
NetBIOS Computer Name: VMI1441939
DNS Domain Name: vmi1441939
FQDN: vmi1441939
0 | 2024-10-23T01:14:24.611022
7777 /
tcp
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f3:21:a6:d2:e3:2f:49:39:a0:ca:90:c2:84:08:cb
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=AsyncRAT Server
Validity
Not Before: Feb 9 19:57:17 2022 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=AsyncRAT Server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:87:6e:81:b5:82:97:1a:e1:51:61:d5:ab:5e:82:
5e:cf:ad:4a:b1:9a:13:bc:cd:3b:df:d2:d2:54:d8:
a8:46:9b:01:e4:5e:6f:a5:fb:10:81:13:c8:4c:8f:
b7:69:ff:55:fc:7b:8f:6b:f6:f7:78:1c:8a:c4:e8:
5d:06:b8:01:40:4e:e2:76:b8:8b:fb:66:c4:68:8a:
05:be:df:39:79:fc:7b:f9:24:02:b6:d2:3b:58:e1:
bc:ca:3e:88:c0:91:35:53:ae:b2:da:dc:5d:e4:f3:
b2:b1:bc:3f:2c:52:36:4d:e2:7d:fc:ea:4f:d6:f5:
42:aa:33:11:98:67:6d:d4:99:7f:80:fe:ae:e0:a2:
a1:56:7d:73:01:a8:66:4d:60:cb:15:53:f5:0c:92:
89:43:7a:ba:0a:d0:18:7c:45:23:a8:7a:a4:ad:d4:
ec:43:a5:62:2e:df:c4:47:d8:e4:6b:4b:dd:22:f7:
dd:55:bb:d7:6b:41:fe:35:0e:51:90:5a:ab:be:fb:
bd:a6:b1:38:6e:9d:d6:bc:1d:5f:b9:f3:ed:c6:8d:
35:b8:95:8c:0e:0c:7b:22:37:dc:d3:ff:77:bb:c2:
7a:d7:1c:56:dc:d7:7c:da:09:64:57:22:ec:1c:c0:
de:0a:50:6f:81:ef:c9:0f:81:61:f6:0c:2a:4a:6d:
96:62:5e:0e:96:e0:f6:37:01:ff:6f:37:d4:28:82:
f2:ba:5c:6f:d7:02:1d:9f:9b:72:24:1d:a4:ed:8b:
c5:2c:a5:32:46:f8:3a:7a:fc:a0:d3:3e:0b:f4:4d:
94:63:ed:06:9b:6e:6c:bf:59:76:b3:51:03:36:e1:
67:e8:9a:95:f2:36:29:96:de:0f:03:75:0a:c1:aa:
40:79:e5:8a:4d:2d:ee:fb:ea:9b:f9:75:fb:cf:18:
5a:4a:51:63:6a:59:99:0c:1d:43:43:a7:b1:68:12:
6b:73:e6:12:c1:9e:1d:b6:02:4f:7f:53:bf:7b:58:
ce:dd:79:36:55:b9:54:f1:ed:b8:05:b7:71:df:6b:
36:e0:e0:c7:0f:b8:0e:73:41:25:f7:31:33:4c:6f:
1f:82:32:7c:bc:d8:f2:f0:dd:1a:a0:d0:35:40:d7:
e7:52:64:d0:8b:f1:cb:57:22:a5:4f:8c:d1:02:6b:
13:2e:c6:c8:4f:c3:b2:6f:e7:fb:68:20:57:46:a6:
4b:55:51:e1:48:cd:d7:f2:9d:4b:c0:72:88:11:3e:
a2:87:03:85:c6:52:2f:45:41:87:29:b6:54:c4:5e:
67:c4:99:ad:6f:71:45:5b:83:e9:ea:74:25:54:2c:
82:5a:4e:0a:a6:ba:df:7b:b2:61:06:1d:de:9c:65:
cb:39:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:9D:D6:34:5E:F3:F1:18:06:B1:2B:32:85:EE:7B:7C:21:8E:95:5B
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
15:a6:c3:fb:47:87:02:22:07:35:6a:49:e1:7e:48:67:b2:36:
42:af:5a:92:36:60:0a:47:a6:b9:e9:87:0e:e5:e3:f5:17:00:
d5:bd:09:b6:fc:19:ed:2b:4c:6f:3c:bb:9d:28:46:02:3c:b6:
36:63:0d:fd:e3:89:ce:a8:d3:43:22:4c:c3:84:87:e7:02:e7:
4e:f0:85:5e:38:54:08:52:d0:1b:ce:d0:b6:8a:eb:a8:f5:e9:
60:07:06:d6:0d:b5:d4:6e:aa:c1:22:04:5e:48:db:57:97:99:
5f:0c:3b:41:c1:41:2b:4c:61:c1:9c:83:29:e8:0a:3c:62:98:
1c:10:04:98:eb:58:86:68:d0:04:8d:61:78:65:c1:a4:01:2c:
3e:f9:d5:2f:3f:77:63:29:ab:2a:81:af:48:ee:6e:15:a0:23:
cb:55:2f:14:9c:ad:85:32:15:f6:a0:4f:3c:86:23:9a:fa:42:
81:d3:cc:6a:5b:96:38:cd:66:cb:45:56:5c:3e:52:65:35:f8:
bc:82:0a:a6:72:3f:29:2c:a7:bd:e9:82:c9:14:37:55:e9:00:
a3:62:fc:19:3d:92:cb:25:b9:60:2b:49:34:0f:23:98:28:ca:
12:3a:34:40:81:2e:82:aa:f1:00:df:54:0f:47:e5:f2:7f:22:
6d:eb:4e:23:20:d0:fc:9c:fe:27:40:a5:c6:31:2a:7c:77:3c:
35:00:62:d3:6b:43:17:82:2f:20:54:7c:e4:60:bc:5c:90:2a:
96:62:7b:14:8b:81:af:12:22:1e:d8:7b:d1:5b:37:44:7a:f4:
c0:34:ed:65:06:16:19:06:c4:3a:f9:97:86:31:79:f5:a0:21:
83:da:17:7c:59:71:2f:7d:5e:db:ab:98:35:2e:de:6b:0f:f8:
36:ba:f0:11:98:47:bc:d6:71:10:8d:e5:a0:77:14:b2:a4:75:
85:d8:94:fe:bb:42:8e:2b:9b:05:38:f5:20:c5:dd:89:1b:66:
ef:53:8d:83:42:00:93:23:18:34:9d:c3:bf:f0:3e:d4:60:7e:
01:a4:97:1e:4e:df:f1:42:c2:7a:5a:5e:35:ae:0e:d3:9f:12:
80:79:52:17:c7:3c:c6:b6:aa:5c:45:3c:15:ce:24:ba:50:04:
67:c3:86:b4:8a:2d:21:8b:f6:ba:bf:66:a1:18:55:5a:62:6e:
74:7b:2c:fa:56:d8:a9:40:c1:f4:02:0c:3c:a2:f0:41:c9:54:
f0:35:25:bb:7e:89:ca:33:34:6b:4a:be:28:33:69:9d:e5:b9:
45:17:cd:8b:c3:58:b7:93:af:ca:69:c3:c6:84:c3:3d:c6:d0:
09:69:d6:53:e4:3d:92:68