The response came back instantly. The server provided a list of workgroups, including one named LEDGER-ADMIN , and detailed endpoint references for network shares that hadn't been mapped during the initial scan.
Older Windows versions (7, Server 2008 R2, early 2016) had a RCE via crafted ProbeMatches message. Exploit code exists on Exploit-DB. port 5357 hacktricks
5357/tcp open http Microsoft HTTPAPI httpd 2.0 |_http-title: Service Unavailable |_http-server-header: Microsoft-HTTPAPI/2.0 The response came back instantly