Ports 135 and 137 are very helpful for the attacker because it means that the victim is trying to connect to a remote device or server. Most likely their own server, which means if they are the admin for a website server, they can harvest user credentials and either sell the information, use it as a cover up for their next few attacks, or they could get the Admins credentials, connect to a VPN server from Germany or Switzerland to cover their Public IP and destroy their server that they connected to.
Please message me if you have more questions like this. Although I am still learning to get my CEH, I still think like a hacker full-time :)
