RPC over HTTP (ncacn_http) implementation for DCERPC client libraries
Samuel Cabrero
scabrero at zentyal.com
Mon Aug 11 08:41:54 MDT 2014
Hi Stefan,

I have made the captures on the RPC proxy machine, where you can see all
the traffic flow. Let me summarize how the protocol works and the
environment where I took the captures (I disabled TLS and RPC encryption).

The goal of the RPC over HTTP protocol is to avoid opening RPC ports to
the internet and to let clients outside the internal LAN connect to it.
The client opens an "RPC tunnel" over two HTTP connections (the channel
in and channel out) to the RPC proxy server, and this machine forwards
the RPC frames to the final RPC server. If the RPC proxy is behind a
firewall or NAT, only ports 80 or 443 have to be opened and
forwarded to it. The first step is to open the tunnel by exchanging some
PDUs with the RPC proxy (see connection.jpg); after that the RPC frames
are just pushed into the opened stream and the proxy forwards them to the
desired RPC server.

I have attached a diagram of the environment (network.pdf):

1. The w2k8.kernevil.lan host is the domain controller and the desired
RPC server the client wants to connect to (Exchange 2010). The IP
address is 192.168.2.10.

2. The cas.kernevil.lan host is a domain member running the client access
Exchange role (the RPC proxy); its IP address is 192.168.2.20.

3. These two servers are in a private network and behind NAT. The
gateway/firewall IP is 192.168.2.254 and it forwards ports 80 and 443
to cas.kernevil.lan. It is also a DNS server authoritative for the
'kernevil.net' domain, because the client uses the external domain to
connect to the RPC proxy.

4. The client is openchange and is outside the LAN. In the capture the
client is listing the mailbox. The binding string is:

ncacn_http:w2k8.kernevil.lan[rpcproxy=cas.kernevil.net:80,]

The host cas.kernevil.net is resolved to the public address of the
gateway, which forwards ports 80 and 443 to the RPC proxy
cas.kernevil.lan, replacing the client source IP address.

Finally, answering your questions:

1. The difference between 'rpc proxy' and 'http proxy':
The RPC proxy is the HTTP connection endpoint (cas.kernevil.lan). This
machine extracts the RPC frames from the HTTP body and forwards them to the
final RPC server (w2k8.kernevil.lan). The HTTP proxy refers to the
optional use of an HTTP proxy on the client side, instead of connecting
directly to the RPC proxy.

2. The relation between 'rpc proxy' and 'rpc server':
The client wants to connect to the RPC server, but as it is not
reachable because it is behind NAT, it opens an RPC tunnel over HTTP to the
RPC proxy and the RPC proxy forwards RPC frames to the RPC server.

3. The HTTP proxy refers to the use of an HTTP proxy on the client side.
It is not yet implemented, so I don't have captures for this. At this
point the implementation only supports direct connection to the HTTP
server without proxies. There is a section in the specifications to
handle this (section 3.2.2.4.1.1) and it affects how the tunnel is opened.

If you need more captures just let me know.

Thanks!

On 17/06/14 14:05, Stefan (metze) Metzmacher wrote:
> Hi Julien,
>
>> Following our discussion at SambaXP about ncacn_http support addition to
>> samba dcerpc client libraries, we have brought the changes we had been
>> discussing about. You will find in attachment the patches required to
>> enable RPC/HTTP support and have openchange client libraries working
>> with Microsoft Exchange 2013.
>>
>> Zentyal is not retaining any copyright on this code. We are just looking
>> forward merging it upstream. If you therefore need any specific
>> agreement to be signed or if you need our developer to send a
>> developer's certificate of origin, just let us know so we can move forward.
>
> See https://www.samba.org/samba/devel/copyright-policy.html,
> if you have remaining questions just ask via contributing at samba.org.
>
> I'll have a closer look at the changes in the next days/weeks,
> but first I need to understand the protocol a bit more.
>
> - What is the difference between 'rpc proxy' and 'http proxy'?
> - What is the relation between rpc proxy and rpc server?
> - At which layers may TLS encryption be used?
> - Can I get captures from ncacn_http sessions:
> 1.) without any proxy
> a) captured on the client
> b) captured on the server
> 2.) with a rpc proxy
> a) captured on the client
> b) captured on the server
> c) captured on the rpc proxy (client side)
> d) captured on the rpc proxy (server side)
> 3.) with a rpc proxy and a http proxy
> a) captured on the client
> b) captured on the server
> c) captured on the rpc proxy (client side)
> d) captured on the rpc proxy (server side)
> e) captured on the http proxy (client side)
> f) captured on the http proxy (server side)
>
> Thanks!
> metze
>
--
Samuel Cabrero - Developer
scabrero at zentyal.com
Zentyal - Active Exchange
www.zentyal.com
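
The two-hop, two-channel layout described in this message can be read directly from the attached trace. The following Python sketch is an added example, not part of the original post or of the Samba/OpenChange patches: it labels each TCP connection as the IN or OUT channel of a tunnel and lists the backend ports the RPC proxy reaches, which is what a firewall rule between proxy and server has to allow. The host roles come from the message; the function names are illustrative and the sample lines are excerpted from the RPC Extractor output below.

```python
import re
from collections import defaultdict

# Host roles as given in the message (assumption: same addressing as the capture).
RPC_SERVER = "192.168.2.10"   # w2k8.kernevil.lan
RPC_PROXY = "192.168.2.20"    # cas.kernevil.lan
GATEWAY = "192.168.2.254"     # NAT gateway; client traffic arrives with this source IP

# Lines excerpted from the RPC Extractor output attached to the message.
SAMPLE = """\
17:34:38.088 #00036 192.168.2.254:60986 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 BIND: DSProxy RFI
17:34:38.088 #00037 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x1 BIND: DSProxy RFI
17:34:38.090 #00038 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Unknown binding
17:34:38.090 #00039 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: DSProxy RFI
17:34:38.091 #00040 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:39.607 #00163 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 BIND: Store RPC
17:34:39.608 #00164 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1 BIND: Store RPC
17:34:39.608 #00165 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Unknown binding
17:34:39.608 #00166 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Store RPC
"""

FRAME = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} #(\d+) (\S+):(\d+) (\S+):(\d+) TCP/IP$")
STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} #\d+")  # frame line without endpoints
PDU = re.compile(r"^MSRPC Call ID: 0x[0-9a-fA-F]+ "
                 r"(BIND ACK|BIND|ALTER CONTEXT RESPONSE|ALTER CONTEXT|"
                 r"REQUEST|RESPONSE|RPC TUNNEL)\b")

TO_SERVER = {"BIND", "ALTER CONTEXT", "REQUEST"}
TO_CLIENT = {"BIND ACK", "ALTER CONTEXT RESPONSE", "RESPONSE"}


def parse_frames(text):
    """Return one dict per frame line, with the PDU type of its annotation if any."""
    frames, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FRAME.match(line)
        if m:
            current = {"num": int(m.group(1)),
                       "src": (m.group(2), int(m.group(3))),
                       "dst": (m.group(4), int(m.group(5))),
                       "pdu": None}
            frames.append(current)
        elif STAMP.match(line):
            current = None  # empty frame: do not attach annotations to it
        else:
            p = PDU.match(line)
            if p and current is not None and current["pdu"] is None:
                current["pdu"] = p.group(1)
    return frames


def hop_of(frame):
    """Which leg of the tunnel a frame belongs to."""
    ips = {frame["src"][0], frame["dst"][0]}
    if ips == {GATEWAY, RPC_PROXY}:
        return "client-proxy"
    if ips == {RPC_PROXY, RPC_SERVER}:
        return "proxy-server"
    return "other"


def connection_key(frame):
    """(hop, ephemeral port of the initiating side, service port)."""
    hop = hop_of(frame)
    initiator = GATEWAY if hop == "client-proxy" else RPC_PROXY
    if frame["src"][0] == initiator:
        near, far = frame["src"], frame["dst"]
    else:
        near, far = frame["dst"], frame["src"]
    return (hop, near[1], far[1])


def classify_channels(frames):
    """Label each connection IN, OUT, or MIXED from the PDU types it carries.

    RTS ("RPC TUNNEL") frames are ignored: they appear on both channels
    while the tunnel is being set up.
    """
    seen = defaultdict(set)
    for f in frames:
        if hop_of(f) == "other":
            continue
        if f["pdu"] in TO_SERVER:
            seen[connection_key(f)].add("IN")
        elif f["pdu"] in TO_CLIENT:
            seen[connection_key(f)].add("OUT")
    return {k: (next(iter(v)) if len(v) == 1 else "MIXED") for k, v in seen.items()}


def backend_ports(channels):
    """Ports on the RPC server that the proxy opened tunnel channels to."""
    return {svc for (hop, _eph, svc) in channels if hop == "proxy-server"}


if __name__ == "__main__":
    chans = classify_channels(parse_frames(SAMPLE))
    for key in sorted(chans):
        print(key, chans[key])
    print("backend ports:", sorted(backend_ports(chans)))
```

A connection labelled MIXED carries request and response PDUs on the same channel, which does not match the one-direction-per-channel layout described above and is worth a closer look in a capture.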
-------------- next part --------------
A non-text attachment was scrubbed...
Name: connection.jpg
Type: image/jpeg
Size: 23277 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140811/71a2ec8b/attachment-0001.jpg>
-------------- next part --------------
Microsoft Exchange RPC Extractor Output File (Version 2.0)
Created on 08/08/2014 at 15:35:13 GMT
17:34:35.811 #00001 192.168.2.10:8250 192.168.2.20:135 TCP/IP
17:34:37.872 #00002 192.168.2.254:60986 192.168.2.20:80 TCP/IP
00:00:00.000 #00003
00:00:00.000 #00004
17:34:37.873 #00005 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:37.874 #00006 192.168.2.254:60986 192.168.2.20:80 TCP/IP
17:34:37.874 #00007 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:37.874 #00008 192.168.2.20:80 192.168.2.254:60987 TCP/IP
17:34:37.874 #00009 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:37.875 #00010 192.168.2.254:60986 192.168.2.20:80 TCP/IP
17:34:37.876 #00011 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.075 #00012 192.168.2.254:60986 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.075 #00013 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:38.078 #00014 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
17:34:38.079 #00015 192.168.2.10:6002 192.168.2.20:22440 TCP/IP
17:34:38.079 #00016 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
17:34:38.079 #00017 192.168.2.254:60987 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.079 #00018 192.168.2.20:80 192.168.2.254:60987 TCP/IP
17:34:38.080 #00019 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.082 #00020 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
17:34:38.082 #00021 192.168.2.10:6002 192.168.2.20:22440 TCP/IP
17:34:38.083 #00022 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
17:34:38.083 #00023 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
17:34:38.083 #00024 192.168.2.20:80 192.168.2.254:60987 TCP/IP
17:34:38.083 #00025 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.084 #00026 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
17:34:38.084 #00027 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.084 #00028 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.084 #00029 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.084 #00030 192.168.2.10:6002 192.168.2.20:22440 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.084 #00031 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
17:34:38.085 #00032 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
17:34:38.085 #00033 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.085 #00034 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.086 #00035 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.088 #00036 192.168.2.254:60986 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 BIND: DSProxy RFI
17:34:38.088 #00037 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x1 BIND: DSProxy RFI
17:34:38.090 #00038 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Unknown binding
17:34:38.090 #00039 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: DSProxy RFI
17:34:38.091 #00040 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.291 #00041 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:38.292 #00042 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
17:34:38.292 #00043 192.168.2.10:6002 192.168.2.20:22440 TCP/IP
17:34:38.292 #00044 192.168.2.254:60986 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: DSProxy RFI
17:34:38.293 #00045 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: DSProxy RFI
17:34:38.296 #00046 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: Unknown binding
17:34:38.296 #00047 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: DSProxy RFI
17:34:38.297 #00048 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.494 #00049 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:38.495 #00050 192.168.2.20:22441 192.168.2.10:6002 TCP/IP
17:34:38.495 #00051 192.168.2.10:6002 192.168.2.20:22440 TCP/IP
17:34:38.495 #00052 192.168.2.254:60986 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2 REQUEST: DSProxy RFI
RfrGetNewDSA
ulFlags unsigned long 0x00000000 (0)
szUserDN CHAR * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
*ppszUnused CHAR * NULL
*ppszServer CHAR * NULL
17:34:38.496 #00053 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
MSRPC Call ID: 0x2 REQUEST: DSProxy RFI
RfrGetNewDSA
ulFlags unsigned long 0x00000000 (0)
szUserDN CHAR * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
*ppszUnused CHAR * NULL
*ppszServer CHAR * NULL
17:34:38.515 #00054 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:38.543 #00055 192.168.2.20:80 192.168.2.254:60987 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms DSProxy RFI
RfrGetNewDSA
*ppszUnused CHAR * NULL
*ppszServer CHAR * w2k8.kernevil.lan
[Return value] unsigned long 0x00000000 (ecNone)
17:34:38.543 #00056 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.544 #00057 192.168.2.254:60986 192.168.2.20:80 TCP/IP
17:34:38.544 #00058 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.544 #00059 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:38.544 #00060 192.168.2.20:80 192.168.2.254:60986 TCP/IP
17:34:38.544 #00061 192.168.2.254:60986 192.168.2.20:80 TCP/IP
17:34:38.544 #00062 192.168.2.20:22440 192.168.2.10:6002 TCP/IP
17:34:38.546 #00063 192.168.2.10:6002 192.168.2.20:22441 TCP/IP
17:34:38.546 #00064 192.168.2.20:80 192.168.2.254:60987 TCP/IP
17:34:38.546 #00065 192.168.2.254:60987 192.168.2.20:80 TCP/IP
17:34:38.548 #00066 192.168.2.254:60988 192.168.2.20:80 TCP/IP
17:34:38.548 #00067 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:38.549 #00068 192.168.2.254:60988 192.168.2.20:80 TCP/IP
17:34:38.549 #00069 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:38.549 #00070 192.168.2.20:80 192.168.2.254:60989 TCP/IP
17:34:38.549 #00071 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:38.549 #00072 192.168.2.254:60988 192.168.2.20:80 TCP/IP
17:34:38.549 #00073 192.168.2.254:60989 192.168.2.20:80 TCP/IP
00:00:00.000 #00074
00:00:00.000 #00075
00:00:00.000 #00076
00:00:00.000 #00077
00:00:00.000 #00078
00:00:00.000 #00079
00:00:00.000 #00080
00:00:00.000 #00081
17:34:38.744 #00082 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:38.744 #00083 192.168.2.20:80 192.168.2.254:60989 TCP/IP
17:34:38.744 #00084 192.168.2.254:60988 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.745 #00085 192.168.2.254:60989 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.746 #00086 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
17:34:38.746 #00087 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:38.746 #00088 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
17:34:38.746 #00089 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
17:34:38.746 #00090 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.746 #00091 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
17:34:38.746 #00092 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:38.747 #00093 192.168.2.20:80 192.168.2.254:60989 TCP/IP
17:34:38.747 #00094 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.747 #00095 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
17:34:38.747 #00096 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.747 #00097 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:38.748 #00098 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
17:34:38.748 #00099 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:38.748 #00100 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.748 #00101 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:38.748 #00102 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.748 #00103 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
17:34:38.749 #00104 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:38.749 #00105 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:38.963 #00106 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:38.965 #00107 192.168.2.254:60988 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 BIND: NSPI
17:34:38.980 #00108 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x1 BIND: NSPI
17:34:38.981 #00109 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Unknown binding
17:34:38.981 #00110 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: NSPI
17:34:38.982 #00111 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:39.181 #00112 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:39.181 #00113 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:39.181 #00114 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
17:34:39.181 #00115 192.168.2.254:60988 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: NSPI
17:34:39.182 #00116 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: NSPI
17:34:39.185 #00117 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: Unknown binding
17:34:39.185 #00118 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: NSPI
17:34:39.186 #00119 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:39.383 #00120 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:39.384 #00121 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:39.384 #00122 192.168.2.254:60988 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2 REQUEST: NSPI
17:34:39.384 #00123 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
17:34:39.385 #00124 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x2 REQUEST: NSPI
17:34:39.386 #00125 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:39.386 #00126 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms NSPI
17:34:39.387 #00127 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:39.395 #00128 192.168.2.254:60990 192.168.2.20:80 TCP/IP
17:34:39.396 #00129 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:39.397 #00130 192.168.2.254:60990 192.168.2.20:80 TCP/IP
17:34:39.397 #00131 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.397 #00132 192.168.2.20:80 192.168.2.254:60991 TCP/IP
17:34:39.398 #00133 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.398 #00134 192.168.2.254:60990 192.168.2.20:80 TCP/IP
17:34:39.399 #00135 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.600 #00136 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.600 #00137 192.168.2.254:60991 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.600 #00138 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:39.600 #00139 192.168.2.20:80 192.168.2.254:60991 TCP/IP
17:34:39.601 #00140 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
17:34:39.603 #00141 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:39.603 #00142 192.168.2.20:22443 192.168.2.10:6004 TCP/IP
17:34:39.603 #00143 192.168.2.10:6004 192.168.2.20:22442 TCP/IP
17:34:39.604 #00144 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:39.604 #00145 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:39.604 #00146 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
17:34:39.604 #00147 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.604 #00148 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
17:34:39.604 #00149 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:39.604 #00150 192.168.2.20:80 192.168.2.254:60991 TCP/IP
17:34:39.605 #00151 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.605 #00152 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.605 #00153 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:39.605 #00154 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.605 #00155 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.606 #00156 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
17:34:39.606 #00157 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.606 #00158 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:39.606 #00159 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.606 #00160 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
17:34:39.607 #00161 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x0 RPC TUNNEL
17:34:39.607 #00162 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.607 #00163 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 BIND: Store RPC
17:34:39.608 #00164 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1 BIND: Store RPC
17:34:39.608 #00165 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Unknown binding
17:34:39.608 #00166 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1 BIND ACK: Store RPC
17:34:39.609 #00167 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:39.805 #00168 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:39.805 #00169 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:39.806 #00170 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: Store RPC
17:34:39.807 #00171 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT: Store RPC
17:34:39.807 #00172 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:39.809 #00173 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: Unknown binding
17:34:39.810 #00174 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1 ALTER CONTEXT RESPONSE: Store RPC
17:34:39.810 #00175 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:40.023 #00176 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:40.024 #00177 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:40.024 #00178 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2 REQUEST: Store RPC
EcDoConnectEx
szUserDn unsigned char * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
ulFlags unsigned long 0x00000000 (0)
ulConMod unsigned long 0x5d074f6e (1560760174)
cbLimit unsigned long 0x00000000 (0)
ulCpid unsigned long 0x000004e4 (1252)
ulLcidString unsigned long 0x00000409 (1033)
ulLcidSort unsigned long 0x00000409 (1033)
ulIxcrLink unsigned long 0xffffffff (4294967295)
usFCanConvertCodePages unsigned short 0x0001 (1)
rgwClientVersion WORD[3] 12.00.6206.1000
*pulTimeStamp unsigned long 0x00000000 (0)
Connection Parameters in Binary Format:
BinaryConnectionParams PtypBinary 148 Byte(s)
rgbAuxIn unsigned char[] 0 byte(s)
cbAuxIn unsigned long 0x00000000 (0)
*pcbAuxOut unsigned long 0x00001008 (4104)
17:34:40.024 #00179 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2 REQUEST: Store RPC
EcDoConnectEx
szUserDn unsigned char * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
ulFlags unsigned long 0x00000000 (0)
ulConMod unsigned long 0x5d074f6e (1560760174)
cbLimit unsigned long 0x00000000 (0)
ulCpid unsigned long 0x000004e4 (1252)
ulLcidString unsigned long 0x00000409 (1033)
ulLcidSort unsigned long 0x00000409 (1033)
ulIxcrLink unsigned long 0xffffffff (4294967295)
usFCanConvertCodePages unsigned short 0x0001 (1)
rgwClientVersion WORD[3] 12.00.6206.1000
*pulTimeStamp unsigned long 0x00000000 (0)
Connection Parameters in Binary Format:
BinaryConnectionParams PtypBinary 148 Byte(s)
rgbAuxIn unsigned char[] 0 byte(s)
cbAuxIn unsigned long 0x00000000 (0)
*pcbAuxOut unsigned long 0x00001008 (4104)
17:34:40.049 #00180 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:40.050 #00181 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2 RESPONSE: 0 ms Store RPC
EcDoConnectEx
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pcmsPollsMax unsigned long 0x0000ea60 (60000)
*pcRetry unsigned long 0x0000003c (60)
*pcmsRetryDelay unsigned long 0x000003e8 (1000)
*picxr unsigned short 0x0018 (24)
*szDNPrefix unsigned char *
*szDisplayName unsigned char * u1
rgwServerVersion WORD[3] 14.01.0218.4014
rgwBestVersion WORD[3] 12.00.6206.1000
*pulTimeStamp unsigned long 0x44b64679 (1152796281)
Connection Parameters in Binary Format:
BinaryConnectionParams PtypBinary 92 Byte(s)
rgbAuxOut unsigned char[] 59 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 4 (0x0004), Size: 51 (0x0033), SizeActual: 51 (0x0033) < Last >
AUX_HEADER: Size: 23 (0x0017), Version: 2 (0x02), Type: 67 (0x43) < AUX_VERSION_2 >
< EXCHANGEPERF_BLOCKTYPE_MAPIENDPOINT >
[Unrecognized Aux Block type: 67 (0x43), displaying in binary]
AlignPadding unsigned char[] 19 Byte(s)
0000: 02 11 77 32 6B 38 2E 6B 65 72 6E 65 76 69 6C 2E - ..w2k8.kernevil.
0010: 6C 61 6E - lan
Aux Payload in Binary Format:
AuxPayload unsigned char[] 19 Byte(s)
0000: 02 11 77 32 6B 38 2E 6B 65 72 6E 65 76 69 6C 2E - ..w2k8.kernevil.
0010: 6C 61 6E - lan
AUX_HEADER: Size: 8 (0x0008), Version: 1 (0x01), Type: 70 (0x46) < AUX_VERSION_1 >
< none >
[Unrecognized Aux Block type: 70 (0x46), displaying in binary]
AlignPadding unsigned char[] 4 Byte(s)
0000: 01 00 00 00 - ....
Aux Payload in Binary Format:
AuxPayload unsigned char[] 4 Byte(s)
0000: 01 00 00 00 - ....
AUX_HEADER: Size: 8 (0x0008), Version: 1 (0x01), Type: 23 (0x17) < AUX_VERSION_1 >
< AUX_TYPE_EXORGINFO >
OrgFlags unsigned long 0x00000001 (1) < PUBLIC_FOLDERS_ENABLED >
Aux Payload in Binary Format:
AuxPayload unsigned char[] 4 Byte(s)
0000: 01 00 00 00 - ....
AUX_HEADER: Size: 12 (0x000c), Version: 1 (0x01), Type: 10 (0x0a) < AUX_VERSION_1 >
< AUX_TYPE_CLIENT_CONTROL >
EnableFlags unsigned long 0x0000000d (13) < ENABLE_PERF_SENDTOSERVER | ENABLE_COMPRESSION | ENABLE_HTTP_TUNNELING >
ExpiryTime unsigned long 0x240c8400 (604800000)
Aux Payload in Binary Format:
AuxPayload unsigned char[] 8 Byte(s)
0000: 0D 00 00 00 00 84 0C 24 - .......$
*pcbAuxOut unsigned long 0x0000003b (59)
[Return value] unsigned long 0x00000000 (ecNone)
17:34:40.050 #00182 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:40.226 #00183 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:40.226 #00184 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:40.227 #00185 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2 ALTER CONTEXT: asyncemsmdb
17:34:40.227 #00186 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2 ALTER CONTEXT: asyncemsmdb
17:34:40.228 #00187 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2 ALTER CONTEXT RESPONSE: Unknown binding
17:34:40.228 #00188 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:40.228 #00189 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2 ALTER CONTEXT RESPONSE: asyncemsmdb
17:34:40.228 #00190 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:40.429 #00191 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:40.444 #00192 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:40.445 #00193 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x3 REQUEST: Store RPC
EcDoAsyncConnectEx
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
17:34:40.445 #00194 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x3 REQUEST: Store RPC
EcDoAsyncConnectEx
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
17:34:40.447 #00195 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x3 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:40.447 #00196 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x3 RESPONSE: 0 ms Store RPC
EcDoAsyncConnectEx
pacxh PACXH 0x00000000-{d0be953e-7bde-4b63-8ba7-bcdbe7e32a88}
[Return value] unsigned long 0x00000000 (ecNone)
17:34:40.448 #00197 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:40.663 #00198 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:40.663 #00199 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:40.663 #00200 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:40.664 #00201 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x4 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000079 (121)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 121 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 113 (0x0071), SizeActual: 113 (0x0071) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0xFFFFFFFF
RopLogon:
RopId unsigned char 0xfe (254)
LogonId unsigned char 0x00 (0)
OutputHandleIndex unsigned long 0 (HSOT=0xffffffff)
LogonFlags unsigned char 0x01 (1) < Private Logon >
OpenFlags unsigned long 0x0100040c (16778252) < HOME_LOGON | TAKE_OWNERSHIP | NO_MAIL | USE_PER_MDB_REPLID_MAPPING >
StoreState unsigned long 0x00000000 (0) < none >
EssdnSize unsigned short 0x005d (93)
Essdn CHAR * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
Raw ROP data in binary form:
SUCCESS: 1 ROP(s) processed
17:34:40.664 #00202 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x4 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000079 (121)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 121 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 113 (0x0071), SizeActual: 113 (0x0071) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0xFFFFFFFF
RopLogon:
RopId unsigned char 0xfe (254)
LogonId unsigned char 0x00 (0)
OutputHandleIndex unsigned long 0 (HSOT=0xffffffff)
LogonFlags unsigned char 0x01 (1) < Private Logon >
OpenFlags unsigned long 0x0100040c (16778252) < HOME_LOGON | TAKE_OWNERSHIP | NO_MAIL | USE_PER_MDB_REPLID_MAPPING >
StoreState unsigned long 0x00000000 (0) < none >
EssdnSize unsigned short 0x005d (93)
Essdn CHAR * /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=u1
Raw ROP data in binary form:
SUCCESS: 1 ROP(s) processed
17:34:40.678 #00203 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x4 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:40.678 #00204 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x4 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x000000b4 (180)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 180 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 172 (0x00ac), SizeActual: 172 (0x00ac) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopLogon:
RopId unsigned char 0xfe (254)
OutputHandleIndex unsigned long 0 (HSOT=0x00000000)
ReturnValue unsigned long 0x00000000 (ecNone)
LogonFlags unsigned char 0x01 (1) < Private Logon >
FolderIds (Default Folders):
Root Folder ID 26e1-000000ef357d
Deferred Action Folder ID 26e1-000000ef357f
Spooler queue ID 26e1-000000ef3580
IPM subtree ID 26e1-000000ef357e
Inbox ID 26e1-000000ef3581
Outbox ID 26e1-000000ef3582
Sent items ID 26e1-000000ef3583
Deleted Items ID 26e1-000000ef3584
Common Views ID 26e1-000000ef3587
Schedule ID 26e1-000000ef3588
Search ID 26e1-000000ef3585
Views ID 26e1-000000ef3586
Shortcuts ID 26e1-000000ef3589
ResponseFlags unsigned char 0x07 (7) < Localized | OwnerRight | SendAsRight >
MailboxGuid GUID {68b2f4b2-2195-4cc2-b749-81c0aea93cec}
ReplId unsigned short 0x26e1 (9953)
ReplGuid GUID {40fe6a0d-1419-484c-b410-236730621ad2}
LogonTime SYSTEMTIME 2014/08/08 (5=Friday) 15:34:40.000
GwartTime SYSTEMTIME 18228/06/15 (0=Sunday) 04:58:43.384 (0x48d18135-678c7d84)
StoreState unsigned long 0x00000000 (0) < none >
Raw ROP data in binary form:
0002: FE 00 00 00 00 00 01 E1 26 00 00 00 EF 35 7D E1 - ........&....5}.
0012: 26 00 00 00 EF 35 7F E1 26 00 00 00 EF 35 80 E1 - &....5..&....5..
0022: 26 00 00 00 EF 35 7E E1 26 00 00 00 EF 35 81 E1 - &....5~.&....5..
0032: 26 00 00 00 EF 35 82 E1 26 00 00 00 EF 35 83 E1 - &....5..&....5..
0042: 26 00 00 00 EF 35 84 E1 26 00 00 00 EF 35 87 E1 - &....5..&....5..
0052: 26 00 00 00 EF 35 88 E1 26 00 00 00 EF 35 85 E1 - &....5..&....5..
0062: 26 00 00 00 EF 35 86 E1 26 00 00 00 EF 35 89 07 - &....5..&....5..
0072: B2 F4 B2 68 95 21 C2 4C B7 49 81 C0 AE A9 3C EC - ...h.!.L.I....<.
0082: E1 26 0D 6A FE 40 19 14 4C 48 B4 10 23 67 30 62 - .&.j.@..LH..#g0b
0092: 1A D2 28 22 0F 05 08 08 DE 07 84 7D 8C 67 35 81 - ..(".......}.g5.
00a2: D1 48 00 00 00 00 - .H....
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:40.679 #00205 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:40.866 #00206 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:40.881 #00207 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:40.881 #00208 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:40.881 #00209 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x5 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3001001f PidTagDisplayName
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1F 00 01 30 - ............0
SUCCESS: 1 ROP(s) processed
17:34:40.883 #00210 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x5 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3001001f PidTagDisplayName
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1F 00 01 30 - ............0
SUCCESS: 1 ROP(s) processed
17:34:40.887 #00211 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x5 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:40.887 #00212 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x5 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000002f (47)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 47 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 39 (0x0027), SizeActual: 39 (0x0027) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Mailbox - u1
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 4D 00 61 00 69 00 6C 00 62 - .......M.a.i.l.b
0012: 00 6F 00 78 00 20 00 2D 00 20 00 75 00 31 00 00 - .o.x. .-. .u.1..
0022: 00 - .
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:40.888 #00213 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:41.084 #00214 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:41.084 #00215 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:41.084 #00216 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:41.086 #00217 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x6 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef357e
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 7E 00 - .....&....5~.
SUCCESS: 1 ROP(s) processed
17:34:41.086 #00218 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x6 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef357e
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 7E 00 - .....&....5~.
SUCCESS: 1 ROP(s) processed
17:34:41.090 #00219 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x6 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:41.091 #00220 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x6 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000001
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000001)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:41.092 #00221 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:41.287 #00222 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:41.287 #00223 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:41.287 #00224 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x7 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000017 (23)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 23 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 15 (0x000f), SizeActual: 15 (0x000f) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000001 [1] 0xFFFFFFFF
RopGetHierarchyTable:
RopId unsigned char 0x04 (4)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000001)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
TableFlags unsigned char 0x00 (0) < none >
Raw ROP data in binary form:
0002: 04 00 00 01 00 - .....
SUCCESS: 1 ROP(s) processed
17:34:41.288 #00225 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x7 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000017 (23)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 23 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 15 (0x000f), SizeActual: 15 (0x000f) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000001 [1] 0xFFFFFFFF
RopGetHierarchyTable:
RopId unsigned char 0x04 (4)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000001)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
TableFlags unsigned char 0x00 (0) < none >
Raw ROP data in binary form:
0002: 04 00 00 01 00 - .....
SUCCESS: 1 ROP(s) processed
17:34:41.288 #00226 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:41.291 #00227 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x7 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:41.292 #00228 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x7 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001c (28)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 28 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 20 (0x0014), SizeActual: 20 (0x0014) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000001 [1] 0x00000002
RopGetHierarchyTable:
RopId unsigned char 0x04 (4)
OutputHandleIndex unsigned long 1 (HSOT=0x00000002)
ReturnValue unsigned long 0x00000000 (ecNone)
RowCount unsigned long 0x0000000c (12)
Raw ROP data in binary form:
0002: 04 01 00 00 00 00 0C 00 00 00 - ..........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:41.293 #00229 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:41.491 #00230 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:41.491 #00231 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:41.491 #00232 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x8 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000002c (44)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 44 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 36 (0x0024), SizeActual: 36 (0x0024) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopSetColumns:
RopId unsigned char 0x12 (18)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
SetColumnsFlags unsigned char 0x00 (0)
PropertyTagCount unsigned short 0x0006 (6)
PropertyTags:
0x3001001f PidTagDisplayName
0x67480014 PidTagFolderId
0x3004001f PidTagComment
0x36030003 PidTagContentUnreadCount
0x36020003 PidTagContentCount
0x66380003 <Unknown>
Raw ROP data in binary form:
0002: 12 00 00 00 06 00 1F 00 01 30 14 00 48 67 1F 00 - .........0..Hg..
0012: 04 30 03 00 03 36 03 00 02 36 03 00 38 66 - .0...6...6..8f
SUCCESS: 1 ROP(s) processed
17:34:41.491 #00233 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x8 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000002c (44)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 44 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 36 (0x0024), SizeActual: 36 (0x0024) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopSetColumns:
RopId unsigned char 0x12 (18)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
SetColumnsFlags unsigned char 0x00 (0)
PropertyTagCount unsigned short 0x0006 (6)
PropertyTags:
0x3001001f PidTagDisplayName
0x67480014 PidTagFolderId
0x3004001f PidTagComment
0x36030003 PidTagContentUnreadCount
0x36020003 PidTagContentCount
0x66380003 <Unknown>
Raw ROP data in binary form:
0002: 12 00 00 00 06 00 1F 00 01 30 14 00 48 67 1F 00 - .........0..Hg..
0012: 04 30 03 00 03 36 03 00 02 36 03 00 38 66 - .0...6...6..8f
SUCCESS: 1 ROP(s) processed
17:34:41.493 #00234 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x8 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:41.493 #00235 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x8 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000015 (21)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 21 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 13 (0x000d), SizeActual: 13 (0x000d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopSetColumns:
RopId unsigned char 0x12 (18)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
ReturnValue unsigned long 0x00000000 (ecNone)
TableStatus unsigned char 0x00 (0) < TBLSTAT_COMPLETE >
Raw ROP data in binary form:
0002: 12 00 00 00 00 00 00 - .......
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:41.493 #00236 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:41.692 #00237 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:41.692 #00238 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:41.692 #00239 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:41.693 #00240 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x9 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000015 (21)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 21 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 13 (0x000d), SizeActual: 13 (0x000d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
QueryRowsFlags unsigned char 0x00 (0)
ForwardRead unsigned char 0x01 (1)
RowCount unsigned short 0x0032 (50)
Raw ROP data in binary form:
0002: 15 00 00 00 01 32 00 - .....2.
SUCCESS: 1 ROP(s) processed
17:34:41.693 #00241 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x9 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000015 (21)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 21 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 13 (0x000d), SizeActual: 13 (0x000d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
QueryRowsFlags unsigned char 0x00 (0)
ForwardRead unsigned char 0x01 (1)
RowCount unsigned short 0x0032 (50)
Raw ROP data in binary form:
0002: 15 00 00 00 01 32 00 - .....2.
SUCCESS: 1 ROP(s) processed
17:34:41.698 #00242 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x9 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:41.698 #00243 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x9 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000223 (547)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 547 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 539 (0x021b), SizeActual: 539 (0x021b) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
ReturnValue unsigned long 0x00000000 (ecNone)
Origin unsigned char 0x02 (2) < BOOKMARK_END >
RowCount unsigned short 0x000c (12)
RowData PropertyRow[6]
PropertyRow[1]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Calendar
0x67480014 PidTagFolderId PtypInteger64 0x8a35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[2]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Contacts
0x67480014 PidTagFolderId PtypInteger64 0x8b35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[3]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Conversation Action Settings
0x67480014 PidTagFolderId PtypInteger64 0xc235ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[4]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Deleted Items
0x67480014 PidTagFolderId PtypInteger64 0x8435ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[5]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Drafts
0x67480014 PidTagFolderId PtypInteger64 0x8c35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[6]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Inbox
0x67480014 PidTagFolderId PtypInteger64 0x8135ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[7]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Journal
0x67480014 PidTagFolderId PtypInteger64 0x8d35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[8]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Junk E-Mail
0x67480014 PidTagFolderId PtypInteger64 0xbd35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[9]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Notes
0x67480014 PidTagFolderId PtypInteger64 0x8e35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[10]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Outbox
0x67480014 PidTagFolderId PtypInteger64 0x8235ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[11]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Sent Items
0x67480014 PidTagFolderId PtypInteger64 0x8335ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
PropertyRow[12]:
PropertyValueCount unsigned short 0x0006 (6)
PropertyValues PropertyValue[6]
Flag unsigned char 0x00 (0)
0x3001001f PidTagDisplayName PtypString Tasks
0x67480014 PidTagFolderId PtypInteger64 0x8f35ef00-000026e1
0x3004001f PidTagComment PtypString
0x36030003 PidTagContentUnreadCount PtypInteger32 0x00000000 (0)
0x36020003 PidTagContentCount PtypInteger32 0x00000000 (0)
0x66380003 <Unknown> PtypInteger32 0x00000000 (0)
Raw ROP data in binary form:
0002: 15 00 00 00 00 00 02 0C 00 00 43 00 61 00 6C 00 - ..........C.a.l.
0012: 65 00 6E 00 64 00 61 00 72 00 00 00 E1 26 00 00 - e.n.d.a.r....&..
0022: 00 EF 35 8A 00 00 00 00 00 00 00 00 00 00 00 00 - ..5.............
0032: 00 00 00 43 00 6F 00 6E 00 74 00 61 00 63 00 74 - ...C.o.n.t.a.c.t
0042: 00 73 00 00 00 E1 26 00 00 00 EF 35 8B 00 00 00 - .s....&....5....
0052: 00 00 00 00 00 00 00 00 00 00 00 00 43 00 6F 00 - ............C.o.
0062: 6E 00 76 00 65 00 72 00 73 00 61 00 74 00 69 00 - n.v.e.r.s.a.t.i.
0072: 6F 00 6E 00 20 00 41 00 63 00 74 00 69 00 6F 00 - o.n. .A.c.t.i.o.
0082: 6E 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 - n. .S.e.t.t.i.n.
0092: 67 00 73 00 00 00 E1 26 00 00 00 EF 35 C2 00 00 - g.s....&....5...
00a2: 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 65 - .............D.e
00b2: 00 6C 00 65 00 74 00 65 00 64 00 20 00 49 00 74 - .l.e.t.e.d. .I.t
00c2: 00 65 00 6D 00 73 00 00 00 E1 26 00 00 00 EF 35 - .e.m.s....&....5
00d2: 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00e2: 44 00 72 00 61 00 66 00 74 00 73 00 00 00 E1 26 - D.r.a.f.t.s....&
00f2: 00 00 00 EF 35 8C 00 00 00 00 00 00 00 00 00 00 - ....5...........
0102: 00 00 00 00 00 49 00 6E 00 62 00 6F 00 78 00 00 - .....I.n.b.o.x..
0112: 00 E1 26 00 00 00 EF 35 81 00 00 00 00 00 00 00 - ..&....5........
0122: 00 00 00 00 00 00 00 00 4A 00 6F 00 75 00 72 00 - ........J.o.u.r.
0132: 6E 00 61 00 6C 00 00 00 E1 26 00 00 00 EF 35 8D - n.a.l....&....5.
0142: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A - ...............J
0152: 00 75 00 6E 00 6B 00 20 00 45 00 2D 00 4D 00 61 - .u.n.k. .E.-.M.a
0162: 00 69 00 6C 00 00 00 E1 26 00 00 00 EF 35 BD 00 - .i.l....&....5..
0172: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4E 00 - ..............N.
0182: 6F 00 74 00 65 00 73 00 00 00 E1 26 00 00 00 EF - o.t.e.s....&....
0192: 35 8E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 5...............
01a2: 00 4F 00 75 00 74 00 62 00 6F 00 78 00 00 00 E1 - .O.u.t.b.o.x....
01b2: 26 00 00 00 EF 35 82 00 00 00 00 00 00 00 00 00 - &....5..........
01c2: 00 00 00 00 00 00 53 00 65 00 6E 00 74 00 20 00 - ......S.e.n.t. .
01d2: 49 00 74 00 65 00 6D 00 73 00 00 00 E1 26 00 00 - I.t.e.m.s....&..
01e2: 00 EF 35 83 00 00 00 00 00 00 00 00 00 00 00 00 - ..5.............
01f2: 00 00 00 54 00 61 00 73 00 6B 00 73 00 00 00 E1 - ...T.a.s.k.s....
0202: 26 00 00 00 EF 35 8F 00 00 00 00 00 00 00 00 00 - &....5..........
0212: 00 00 00 00 00 - .....
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:41.699 #00244 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:41.895 #00245 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:41.895 #00246 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:41.895 #00247 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:41.896 #00248 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xa REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358a
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8A 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:41.897 #00249 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xa REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358a
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8A 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:41.901 #00250 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xa RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:41.901 #00251 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xa RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000003
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000003)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:41.903 #00252 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:42.098 #00253 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:42.098 #00254 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:42.099 #00255 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xb REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000003
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000003)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:42.099 #00256 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xb REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000003
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000003)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:42.099 #00257 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:42.103 #00258 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xb RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:42.103 #00259 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xb RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000025 (37)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 37 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 29 (0x001d), SizeActual: 29 (0x001d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000003
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000003)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Appointment
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 41 70 70 6F 69 - .......IPF.Appoi
0012: 6E 74 6D 65 6E 74 00 - ntment.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:42.104 #00260 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:42.300 #00261 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:42.301 #00262 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xc REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000003
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000003)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:42.301 #00263 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xc REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000003
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000003)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:42.302 #00264 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xc RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:42.302 #00265 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:42.302 #00266 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xc RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:42.302 #00267 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:42.503 #00268 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:42.503 #00269 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:42.504 #00270 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xd REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358b
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8B 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:42.504 #00271 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xd REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358b
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8B 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:42.509 #00272 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xd RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:42.509 #00273 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xd RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000004
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000004)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:42.510 #00274 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:42.707 #00275 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:42.722 #00276 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:42.722 #00277 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:42.723 #00278 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xe REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000004
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000004)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:42.723 #00279 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xe REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000004
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000004)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:42.727 #00280 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xe RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:42.728 #00281 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xe RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000021 (33)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 33 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 25 (0x0019), SizeActual: 25 (0x0019) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000004
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000004)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Contact
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 43 6F 6E 74 61 - .......IPF.Conta
0012: 63 74 00 - ct.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:42.729 #00282 192.168.2.254:60991 192.168.2.20:80 TCP/IP
00:00:00.000 #00283
00:00:00.000 #00284
17:34:42.925 #00285 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:42.940 #00286 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:42.941 #00287 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:42.941 #00288 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0xf REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000004
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000004)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:42.941 #00289 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0xf REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000004
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000004)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:42.942 #00290 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0xf RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:42.942 #00291 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0xf RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:42.943 #00292 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:43.143 #00293 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:43.143 #00294 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:43.143 #00295 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:43.144 #00296 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x10 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef35c2
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 C2 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:43.144 #00297 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x10 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef35c2
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 C2 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:43.148 #00298 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x10 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:43.148 #00299 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x10 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000005
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000005)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:43.148 #00300 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:43.346 #00301 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:43.361 #00302 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:43.362 #00303 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:43.362 #00304 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x11 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000005
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000005)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:43.363 #00305 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x11 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000005
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000005)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:43.366 #00306 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x11 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:43.366 #00307 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x11 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000027 (39)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 39 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 31 (0x001f), SizeActual: 31 (0x001f) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000005
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000005)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Configuration
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 43 6F 6E 66 69 - .......IPF.Confi
0012: 67 75 72 61 74 69 6F 6E 00 - guration.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:43.367 #00308 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:43.564 #00309 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:43.564 #00310 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:43.564 #00311 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:43.565 #00312 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x12 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000005
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000005)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:43.565 #00313 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x12 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000005
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000005)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:43.566 #00314 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x12 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:43.566 #00315 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x12 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:43.566 #00316 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:43.768 #00317 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:43.783 #00318 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:43.783 #00319 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:43.786 #00320 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x13 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3584
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 84 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:43.803 #00321 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x13 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3584
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 84 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:43.808 #00322 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x13 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:43.808 #00323 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x13 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000006
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000006)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:43.809 #00324 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:43.985 #00325 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:43.987 #00326 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x14 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000006
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000006)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:44.003 #00327 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:44.003 #00328 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x14 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000006
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000006)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:44.006 #00329 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x14 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:44.006 #00330 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:44.006 #00331 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x14 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000006
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000006)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:44.007 #00332 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:44.207 #00333 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:44.207 #00334 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:44.210 #00335 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x15 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000006
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000006)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:44.223 #00336 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x15 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000006
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000006)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:44.224 #00337 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x15 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:44.224 #00338 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x15 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:44.225 #00339 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:44.407 #00340 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:44.408 #00341 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x16 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358c
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8C 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:44.408 #00342 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x16 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358c
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8C 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:44.408 #00343 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:44.412 #00344 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x16 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:44.412 #00345 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:44.412 #00346 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x16 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000007
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000007)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:44.413 #00347 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:44.610 #00348 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:44.610 #00349 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x17 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000007
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000007)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:44.611 #00350 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x17 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000007
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000007)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:44.614 #00351 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x17 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:44.614 #00352 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x17 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000007
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000007)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:44.615 #00353 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:44.813 #00354 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:44.813 #00355 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:44.813 #00356 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:44.815 #00357 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x18 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000007
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000007)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:44.820 #00358 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x18 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000007
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000007)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:44.821 #00359 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x18 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:44.822 #00360 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x18 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:44.822 #00361 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:45.015 #00362 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:45.015 #00363 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:45.015 #00364 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x19 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3581
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 81 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:45.015 #00365 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x19 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3581
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 81 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:45.016 #00366 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:45.017 #00367 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x19 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:45.017 #00368 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x19 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000008
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000008)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:45.018 #00369 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:45.218 #00370 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:45.218 #00371 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:45.219 #00372 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1a REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000008
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000008)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:45.220 #00373 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1a REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000008
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000008)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:45.224 #00374 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1a RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:45.224 #00375 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1a RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000008
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000008)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:45.225 #00376 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:45.422 #00377 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:45.422 #00378 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:45.423 #00379 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1b REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000008
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000008)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:45.423 #00380 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1b REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000008
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000008)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:45.424 #00381 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1b RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:45.424 #00382 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:45.424 #00383 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1b RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:45.424 #00384 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:45.624 #00385 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:45.639 #00386 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:45.640 #00387 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1c REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358d
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8D 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:45.640 #00388 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1c REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358d
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8D 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:45.642 #00389 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1c RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:45.642 #00390 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1c RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x00000009
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x00000009)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:45.643 #00391 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:45.842 #00392 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:45.842 #00393 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:45.842 #00394 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:45.843 #00395 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1d REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000009
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000009)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:45.843 #00396 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1d REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000009
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000009)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:45.847 #00397 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1d RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:45.847 #00398 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1d RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000021 (33)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 33 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 25 (0x0019), SizeActual: 25 (0x0019) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000009
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x00000009)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Journal
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4A 6F 75 72 6E - .......IPF.Journ
0012: 61 6C 00 - al.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:45.847 #00399 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:46.045 #00400 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:46.045 #00401 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:46.045 #00402 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:46.046 #00403 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1e REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000009
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000009)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:46.046 #00404 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1e REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000009
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000009)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:46.047 #00405 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1e RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:46.048 #00406 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1e RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:46.048 #00407 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:46.248 #00408 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:46.248 #00409 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:46.248 #00410 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x1f REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef35bd
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 BD 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:46.249 #00411 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x1f REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef35bd
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 BD 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:46.249 #00412 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:46.254 #00413 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x1f RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:46.254 #00414 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x1f RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x0000000A
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x0000000a)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:46.255 #00415 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:46.450 #00416 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:46.451 #00417 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x20 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000A
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000a)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:46.451 #00418 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x20 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000A
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000a)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:46.452 #00419 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x20 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:46.452 #00420 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:46.453 #00421 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x20 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000A
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x0000000a)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:46.453 #00422 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:46.653 #00423 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:46.653 #00424 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:46.653 #00425 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x21 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000A
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000a)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:46.653 #00426 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x21 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000A
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000a)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:46.654 #00427 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x21 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:46.654 #00428 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x21 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:46.654 #00429 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:46.856 #00430 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:46.871 #00431 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:46.871 #00432 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:46.872 #00433 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x22 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358e
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8E 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:46.872 #00434 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x22 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358e
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8E 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:46.876 #00435 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x22 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:46.876 #00436 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x22 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x0000000B
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x0000000b)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:46.876 #00437 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:47.074 #00438 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:47.074 #00439 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:47.074 #00440 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:47.075 #00441 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x23 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000B
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000b)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:47.075 #00442 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x23 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000B
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000b)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:47.078 #00443 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x23 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:47.079 #00444 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x23 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000024 (36)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 36 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 28 (0x001c), SizeActual: 28 (0x001c) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000B
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x0000000b)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.StickyNote
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 53 74 69 63 6B - .......IPF.Stick
0012: 79 4E 6F 74 65 00 - yNote.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:47.079 #00445 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:47.277 #00446 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:47.277 #00447 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:47.277 #00448 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:47.277 #00449 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x24 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000B
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000b)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:47.278 #00450 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x24 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000B
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000b)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:47.279 #00451 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x24 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:47.279 #00452 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x24 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:47.279 #00453 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:47.480 #00454 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:47.480 #00455 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:47.480 #00456 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:47.481 #00457 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x25 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3582
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 82 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:47.481 #00458 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x25 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3582
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 82 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:47.485 #00459 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x25 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:47.485 #00460 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x25 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x0000000C
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x0000000c)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:47.486 #00461 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:47.683 #00462 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:47.683 #00463 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:47.683 #00464 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x26 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000C
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000c)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:47.684 #00465 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x26 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000C
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000c)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:47.687 #00466 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x26 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:47.687 #00467 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:47.688 #00468 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x26 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000C
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x0000000c)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:47.689 #00469 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:47.886 #00470 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:47.901 #00471 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:47.902 #00472 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x27 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000C
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000c)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:47.902 #00473 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x27 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000C
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000c)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:47.904 #00474 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x27 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:47.904 #00475 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x27 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:47.905 #00476 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:48.104 #00477 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:48.104 #00478 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:48.104 #00479 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:48.105 #00480 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x28 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3583
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 83 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:48.106 #00481 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x28 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef3583
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 83 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:48.111 #00482 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x28 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:48.111 #00483 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x28 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x0000000D
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x0000000d)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:48.112 #00484 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:48.307 #00485 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:48.307 #00486 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:48.308 #00487 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x29 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000D
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000d)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:48.308 #00488 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x29 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000D
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000d)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:48.309 #00489 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:48.312 #00490 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x29 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:48.312 #00491 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x29 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000D
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x0000000d)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Note
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 4E 6F 74 65 00 - .......IPF.Note.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:48.313 #00492 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:48.509 #00493 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:48.510 #00494 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:48.510 #00495 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2a REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000D
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000d)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:48.510 #00496 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2a REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000D
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000d)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:48.511 #00497 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2a RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:48.511 #00498 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2a RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:48.512 #00499 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:48.712 #00500 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:48.713 #00501 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:48.713 #00502 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:48.713 #00503 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2b REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358f
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8F 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:48.714 #00504 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2b REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001f (31)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 31 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 23 (0x0017), SizeActual: 23 (0x0017) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0xFFFFFFFF
RopOpenFolder:
RopId unsigned char 0x02 (2)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
OutputHandleIndex unsigned long 1 (HSOT=0xffffffff)
FID ID 26e1-000000ef358f
OpenModeFlags unsigned char 0x00 (0) < ReadOnly >
Raw ROP data in binary form:
0002: 02 00 00 01 E1 26 00 00 00 EF 35 8F 00 - .....&....5..
SUCCESS: 1 ROP(s) processed
17:34:48.718 #00505 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2b RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:48.718 #00506 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2b RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001a (26)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 26 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 18 (0x0012), SizeActual: 18 (0x0012) < XorMagic | Last >
HSOT Table: 2 Item(s)
[0] 0x00000000 [1] 0x0000000E
RopOpenFolder:
RopId unsigned char 0x02 (2)
OutputHandleIndex unsigned long 1 (HSOT=0x0000000e)
ReturnValue unsigned long 0x00000000 (ecNone)
HasRulesFlag unsigned char 0x00 (0)
IsGhosted unsigned char 0x00 (0)
Raw ROP data in binary form:
0002: 02 01 00 00 00 00 00 00 - ........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:48.719 #00507 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:48.916 #00508 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:48.931 #00509 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:48.931 #00510 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:48.931 #00511 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2c REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000E
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000e)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:48.931 #00512 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2c REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x0000001b (27)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 27 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 19 (0x0013), SizeActual: 19 (0x0013) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000E
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000e)
PropertySizeLimit unsigned short 0x0000 (0)
WantUnicode unsigned short 0x0001 (1)
PropertyTagCount unsigned short 0x0001 (1)
PropertyTags:
0x3613001e PidTagContainerClass
Raw ROP data in binary form:
0002: 07 00 00 00 00 01 00 01 00 1E 00 13 36 - ............6
SUCCESS: 1 ROP(s) processed
17:34:48.933 #00513 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2c RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:48.933 #00514 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2c RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000001e (30)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 30 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 22 (0x0016), SizeActual: 22 (0x0016) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000E
RopGetPropertiesSpecific:
RopId unsigned char 0x07 (7)
InputHandleIndex unsigned long 0 (HSOT=0x0000000e)
ReturnValue unsigned long 0x00000000 (ecNone)
RowDataCount unsigned short 0x0001 (1)
RowData PropertyValue[1]
Flag unsigned char 0x00 (0)
0x3613001e PidTagContainerClass PtypString8 IPF.Task
Raw ROP data in binary form:
0002: 07 00 00 00 00 00 00 49 50 46 2E 54 61 73 6B 00 - .......IPF.Task.
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:48.934 #00515 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:49.133 #00516 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:49.134 #00517 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:49.134 #00518 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2d REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000E
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000e)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.135 #00519 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2d REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x0000000E
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x0000000e)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.135 #00520 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:49.136 #00521 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2d RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:49.137 #00522 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2d RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:49.138 #00523 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:49.352 #00524 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:49.352 #00525 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:49.354 #00526 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2e REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000015 (21)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 21 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 13 (0x000d), SizeActual: 13 (0x000d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
QueryRowsFlags unsigned char 0x00 (0)
ForwardRead unsigned char 0x01 (1)
RowCount unsigned short 0x0032 (50)
Raw ROP data in binary form:
0002: 15 00 00 00 01 32 00 - .....2.
SUCCESS: 1 ROP(s) processed
17:34:49.355 #00527 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2e REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000015 (21)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 21 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 13 (0x000d), SizeActual: 13 (0x000d) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
QueryRowsFlags unsigned char 0x00 (0)
ForwardRead unsigned char 0x01 (1)
RowCount unsigned short 0x0032 (50)
Raw ROP data in binary form:
0002: 15 00 00 00 01 32 00 - .....2.
SUCCESS: 1 ROP(s) processed
17:34:49.357 #00528 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2e RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:49.357 #00529 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2e RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x00000017 (23)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 23 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 15 (0x000f), SizeActual: 15 (0x000f) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopQueryRows:
RopId unsigned char 0x15 (21)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
ReturnValue unsigned long 0x00000000 (ecNone)
Origin unsigned char 0x02 (2) < BOOKMARK_END >
RowCount unsigned short 0x0000 (0)
RowData PropertyRow[6]
Raw ROP data in binary form:
0002: 15 00 00 00 00 00 02 00 00 - .........
SUCCESS: 1 ROP(s) processed in 0 chain(s)
17:34:49.358 #00530 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:49.570 #00531 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:49.570 #00532 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:49.570 #00533 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:49.571 #00534 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x2f REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.571 #00535 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x2f REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000002
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000002)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.573 #00536 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x2f RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:49.574 #00537 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x2f RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:49.575 #00538 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:49.773 #00539 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:49.773 #00540 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:49.774 #00541 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:49.775 #00542 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x30 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000001
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000001)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.776 #00543 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x30 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000001
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000001)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:49.777 #00544 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x30 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:49.778 #00545 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x30 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:49.779 #00546 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:49.976 #00547 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:49.991 #00548 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:49.992 #00549 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:49.995 #00550 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x31 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:50.011 #00551 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x31 REQUEST: Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
cbIn unsigned long 0x00000011 (17)
*pcbOut unsigned long 0x00008007 (32775)
rgbAuxIn unsigned char[] 0 byte(s)
*pcbAuxOut unsigned long 0x00001008 (4104)
rgbIn unsigned char[] 17 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 9 (0x0009), SizeActual: 9 (0x0009) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x00000000
RopRelease:
RopId unsigned char 0x01 (1)
LogonId unsigned char 0x00 (0)
InputHandleIndex unsigned long 0 (HSOT=0x00000000)
Raw ROP data in binary form:
0002: 01 00 00 - ...
SUCCESS: 1 ROP(s) processed
17:34:50.014 #00552 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x31 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:50.014 #00553 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x31 RESPONSE: 0 ms Store RPC
EcDoRpcExt2
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
*pulFlags unsigned long 0x00000000 (0)
*pcbOut unsigned long 0x0000000e (14)
*pcbAux unsigned long 0x00000000 (0)
rgbAuxOut unsigned char[] 0 byte(s)
*pulTransTime unsigned long 0x00000000 (0)
[Return value] unsigned long 0x00000000 (ecNone)
rgbOut unsigned char[] 14 byte(s)
RPC_HEADER_EXT Header: Version: 0 (0x0000), Flags: 6 (0x0006), Size: 6 (0x0006), SizeActual: 6 (0x0006) < XorMagic | Last >
HSOT Table: 1 Item(s)
[0] 0x01FFFFFE
SUCCESS: 0 ROP(s) processed in 0 chain(s)
17:34:50.015 #00554 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:50.210 #00555 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:50.210 #00556 192.168.2.10:6001 192.168.2.20:22444 TCP/IP
17:34:50.210 #00557 192.168.2.254:60990 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x32 REQUEST: Store RPC
EcDoDisconnect
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
17:34:50.210 #00558 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
MSRPC Call ID: 0x32 REQUEST: Store RPC
EcDoDisconnect
pcxh PCXH 0x00000000-{06681f60-25af-4bf4-87a6-f3a032cc4ac2}
17:34:50.212 #00559 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
MSRPC Call ID: 0x32 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:50.212 #00560 192.168.2.20:22445 192.168.2.10:6001 TCP/IP
17:34:50.212 #00561 192.168.2.20:80 192.168.2.254:60991 TCP/IP
MSRPC Call ID: 0x32 RESPONSE: 0 ms Store RPC
EcDoDisconnect
pcxh PCXH 0x00000000-{00000000-0000-0000-0000-000000000000}
[Return value] unsigned long 0x00000000 (ecNone)
17:34:50.213 #00562 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:50.213 #00563 192.168.2.254:60990 192.168.2.20:80 TCP/IP
17:34:50.213 #00564 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:50.213 #00565 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:50.213 #00566 192.168.2.254:60988 192.168.2.20:80 TCP/IP
MSRPC Call ID: 0x3 REQUEST: NSPI
17:34:50.214 #00567 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
MSRPC Call ID: 0x3 REQUEST: NSPI
17:34:50.214 #00568 192.168.2.20:80 192.168.2.254:60990 TCP/IP
17:34:50.215 #00569 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
MSRPC Call ID: 0x3 RESPONSE: 0 ms
Cannot best guess response; no GUID or previous BIND.
Unknown binding
17:34:50.215 #00570 192.168.2.20:80 192.168.2.254:60989 TCP/IP
MSRPC Call ID: 0x3 RESPONSE: 0 ms NSPI
17:34:50.215 #00571 192.168.2.254:60990 192.168.2.20:80 TCP/IP
17:34:50.215 #00572 192.168.2.20:22444 192.168.2.10:6001 TCP/IP
17:34:50.216 #00573 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:50.216 #00574 192.168.2.254:60988 192.168.2.20:80 TCP/IP
17:34:50.216 #00575 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:50.216 #00576 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:50.216 #00577 192.168.2.10:6001 192.168.2.20:22445 TCP/IP
17:34:50.217 #00578 192.168.2.20:80 192.168.2.254:60991 TCP/IP
17:34:50.217 #00579 192.168.2.20:80 192.168.2.254:60988 TCP/IP
17:34:50.217 #00580 192.168.2.254:60991 192.168.2.20:80 TCP/IP
17:34:50.218 #00581 192.168.2.254:60988 192.168.2.20:80 TCP/IP
17:34:50.218 #00582 192.168.2.20:22442 192.168.2.10:6004 TCP/IP
17:34:50.219 #00583 192.168.2.10:6004 192.168.2.20:22443 TCP/IP
17:34:50.219 #00584 192.168.2.20:80 192.168.2.254:60989 TCP/IP
17:34:50.220 #00585 192.168.2.254:60989 192.168.2.20:80 TCP/IP
17:34:50.585 #00586 192.168.2.10:8250 192.168.2.20:135 TCP/IP
17:34:50.585 #00587 192.168.2.20:135 192.168.2.10:8250 TCP/IP
17:34:50.585 #00588 192.168.2.20:135 192.168.2.10:8250 TCP/IP
17:34:50.585 #00589 192.168.2.10:8250 192.168.2.20:135 TCP/IP
Finished Parsing File in 0.031 seconds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c4.cap
Type: application/vnd.tcpdump.pcap
Size: 82232 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140811/71a2ec8b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: network.pdf
Type: application/pdf
Size: 41569 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140811/71a2ec8b/attachment-0001.pdf>