Cloud Provider | Tencent Cloud |
Country | China |
City | Shanghai |
Organization | Tencent Cloud Computing (Beijing) Co., Ltd |
ISP | Shenzhen Tencent Computer Systems Company Limited |
ASN | AS45090 |
Operating System | Windows Server 2008 R2 Enterprise |
-1371114059 | 2024-08-27T02:23:33.696846 | 135 / tcp
Microsoft RPC Endpoint Mapper
1204336236 | 2024-08-29T23:38:32.903060 | 3389 / tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00

Remote Desktop Protocol NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: 172_17_0_4
NetBIOS Domain Name: 172_17_0_4
NetBIOS Computer Name: 172_17_0_4
DNS Domain Name: 172_17_0_4
FQDN: 172_17_0_4
Certificate: Data: Version: 3 (0x2) Serial Number: 70:f7:a7:bb:5b:2b:f2:95:49:72:27:9c:28:ef:11:49 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=\x001\x007\x002\x00_\x001\x007\x00_\x000\x00_\x004 Validity Not Before: Aug 12 04:20:36 2024 GMT Not After : Feb 11 04:20:36 2025 GMT Subject: CN=\x001\x007\x002\x00_\x001\x007\x00_\x000\x00_\x004 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Key Usage: Key Encipherment, Data Encipherment Signature Algorithm: sha1WithRSAEncryption