-1217830920 | 2024-11-20T15:32:12.957649
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 192.168.1.177:49152
ncalrpc: WindowsShutdown
ncacn_np: \\ALSERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc09C720
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\ALSERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc09C720
ncalrpc: WMsgKRpc09CA41
ncalrpc: WMsgKRpc0343162
ncalrpc: WMsgKRpc01BD48363
ncalrpc: WMsgKRpc048F9DB64
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-a6604115ffd19ac3fd
ncacn_np: \\ALSERVER\PIPE\srvsvc
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 192.168.1.177:49153
ncacn_np: \\ALSERVER\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 192.168.1.177:49153
ncacn_np: \\ALSERVER\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 192.168.1.177:49153
ncacn_np: \\ALSERVER\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 192.168.1.177:49153
ncacn_np: \\ALSERVER\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\ALSERVER\PIPE\srvsvc
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 192.168.1.177:49154
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\ALSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: OLEE86044F2ACD84E9487B119DC232B
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\ALSERVER\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-f816de2bbfd91fec6f
ncalrpc: OLEEDECE39841CE4220B3DE8D283474
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-f816de2bbfd91fec6f
ncalrpc: OLEEDECE39841CE4220B3DE8D283474
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-6cd3de0706d0bc4a2c
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-42c3dab33f965420bb
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-42c3dab33f965420bb
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-42c3dab33f965420bb
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 192.168.1.177:49155
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\ALSERVER\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-ec0d7dd16d35030e1e
ncacn_np: \\ALSERVER\pipe\lsass
12d4b7c8-77d5-11d1-8c24-00c04fa3080d
version: v1.0
provider: lserver.dll
ncacn_ip_tcp: 192.168.1.177:49158
ncacn_np: \\ALSERVER\pipe\HydraLsPipe
ncalrpc: LRPC-3e4be333a6f1eaf9ed
3d267954-eeb7-11d1-b94e-00c04fa3080d
version: v1.0
provider: lserver.dll
ncacn_ip_tcp: 192.168.1.177:49158
ncacn_np: \\ALSERVER\pipe\HydraLsPipe
ncalrpc: LRPC-3e4be333a6f1eaf9ed
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 192.168.1.177:49159
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-23510404c9c6538beb
ncacn_ip_tcp: 192.168.1.177:49160
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 192.168.1.177:49160
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc0343162
ncalrpc: WMsgKRpc01BD48363
ncalrpc: WMsgKRpc048F9DB64
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-64861b1009105fb4d8
ncalrpc: LRPC-64861b1009105fb4d8
ncalrpc: LRPC-64861b1009105fb4d8
ncalrpc: LRPC-64861b1009105fb4d8
2006257357 | 2024-11-15T18:26:35.354123
137 /
udp
NetBIOS Response:
Server Name: ALSERVER
MAC Address: B4:99:BA:AB:05:B6
Names:
ALSERVER <0x0>
WORKGROUP <0x0>
ALSERVER <0x20>
Additional Interfaces:
192.168.1.177
MAC Addresses
B4:99:BA:AB:05:B6
OUI: B4:99:BA
Organization: Hewlett Packard
Assignment: MA-L
Registration Date: 2010-12-16
1782361047 | 2024-11-30T10:18:16.951732
554 /
tcp
RTSP/1.0 200 OK
CSeq: 1
Public: OPTIONS, DESCRIBE, PLAY, PAUSE, SETUP, TEARDOWN, SET_PARAMETER, GET_PARAMETER
Date: Sat, Nov 30 2024 12:59:30 GMT
-580463018 | 2024-11-28T07:58:00.388134
1433 /
tcp
MS-SQL NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: ALSERVER
NetBIOS Domain Name: ALSERVER
NetBIOS Computer Name: ALSERVER
DNS Domain Name: ALSERVER
FQDN: ALSERVER
-420657357 | 2024-11-29T15:56:26.067059
7071 /
tcp
SSL Error: ALERT_HANDSHAKE_FAILURE
SSL Certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=AnyDesk Client
Validity
Not Before: Aug 22 04:16:25 2024 GMT
Not After : Aug 10 04:16:25 2074 GMT
Subject: CN=AnyDesk Client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:a4:fe:d9:1a:cd:e5:63:43:a4:e7:e4:2f:e5:
e7:cd:cd:21:78:6f:e2:b6:68:91:b6:b9:0a:b9:ad:
4c:a5:ad:06:e7:f0:de:a8:a5:dd:a3:73:b1:b9:5a:
ef:d5:34:15:16:ca:71:c7:1f:b7:bd:dd:e7:fe:b4:
59:10:7e:52:18:3b:27:af:c9:e6:ee:9f:05:e0:05:
fa:93:05:f6:86:70:fa:56:b6:6a:cb:6a:6f:99:32:
96:4e:da:9e:e9:ac:b9:36:4b:7f:2d:66:d2:ba:bf:
3e:43:90:ba:82:ca:1c:5f:a9:3b:b3:96:25:87:ed:
63:47:6a:8a:9b:b9:64:d7:f0:f3:8c:69:e4:ed:1a:
c8:b9:71:37:83:00:fa:49:ad:de:f2:78:41:d0:74:
7e:0c:3c:10:96:fd:71:cf:e7:bf:30:c8:b7:e5:21:
28:28:04:f8:30:cc:c4:89:ec:42:06:3f:59:75:56:
67:ed:c0:0a:15:80:51:00:9d:81:f9:c1:a8:22:d1:
f1:aa:d7:95:f9:d7:03:db:ad:d3:57:c3:06:7f:0e:
db:7b:42:c9:22:bb:1f:3e:25:13:ae:f3:b5:d0:99:
5d:30:8c:a7:e8:e5:ce:c3:44:8d:2c:18:68:7d:9b:
d5:7a:e4:d5:15:5b:80:6b:73:d5:5f:dc:8f:4c:cd:
bf:c3
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1f:64:b8:c2:60:52:24:8a:78:8c:5f:66:34:76:86:56:13:70:
29:a9:69:46:8f:4c:31:f1:70:1d:38:7e:94:4c:81:e0:b1:b0:
25:e1:44:24:fc:e6:75:12:28:83:fe:fe:f7:c4:7a:5a:df:12:
d7:24:e2:5a:02:46:2c:67:ba:c7:bd:64:89:78:20:60:92:d7:
92:1b:5e:d0:32:fa:4e:1d:f7:ac:8d:97:d0:ac:40:c8:74:a8:
1c:3a:84:ac:c7:3b:bc:a3:fe:35:a0:ee:43:27:d4:99:a5:92:
3b:44:0c:4f:39:ee:00:80:6e:57:a6:a4:e2:59:1b:6c:bf:d7:
7c:ed:a2:3c:a3:6e:0a:48:83:09:1c:a3:94:29:98:66:c2:6a:
f1:c3:6e:9e:68:2a:4f:2c:fd:c7:ad:1b:0a:7c:70:78:42:c4:
a7:f8:03:1e:c2:ca:b7:36:bd:5d:eb:55:56:2e:6b:32:10:25:
de:16:9c:38:2f:f8:e3:8c:c1:9e:ef:db:e6:6f:43:1a:69:b7:
92:b2:62:d2:a6:df:86:5f:82:3a:22:22:59:1b:b9:4d:5e:d6:
21:6c:ee:4d:05:04:c0:51:50:11:5b:5d:89:41:a9:39:e1:e5:
fb:03:ce:c5:42:dc:20:91:47:06:09:fd:0b:8a:d3:06:b0:60:
7e:11:1d:88