BF-Detector : Forensic Report

NS500367 - 04/03/2026 19:17:20 - Range: 15 days
Total Attempts
4163
Total Success
49
Success Rate
1 %
Risk Level
High : 40 %
Protocols : ✔ No weak protocol

Negotiate (16)
NTLM V2 (33)
Anonymous : ✔ Not detected
Processes Logon : ✔ Clean

svchost.exe (16)
Open Ports : Detected

0.0.0.0:19192 - svchost - (Unknown)
0.0.0.0:2179 - vmms - (Hyper-V)
0.0.0.0:135 - svchost - (RPC)
RDP : Enabled
NLA : Enabled
TLS_CredSSP : Enabled
Port : 19192
Firewall : Enabled
Anonymous : Allowed
AnonymousSAM : Protected
EveryoneAnon : Disabled

IPs that Failed and Successfully Logged In

IP User Failures Success Reason Protocol Source Time Range First Logon Last Logon
170.10.20.30 admin (3)
t2.mehdi (9)
admincd13 (1)
adminlocal (1)
t0.mehdi (4)
administrateur (1)		 19 32 User does not exist (5)
Wrong password (11)
Password expired (3)		 NTLM (19) ns500367 (19) 11:56 → 23:59 03/24/2026 23:39:30 03/26/2026 13:51:34

User Logon Analysis

User Connections IP Count Country City IPs
T2.mehdi 29 1 France Paris 170.10.20.30
admin 13 2 France Paris
Marseille 03		 170.10.20.30
50.10.20.30
admin26 7 1 France Marseille 03 50.10.20.30