10341000x8000000000000000342480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.984{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.984{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.984{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.983{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.983{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.983{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 354300x8000000000000000342474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.139{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50217-false52.73.161.63ec2-52-73-161-63.compute-1.amazonaws.com443https 354300x8000000000000000342473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.139{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58322- 354300x8000000000000000342472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.137{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64741- 354300x8000000000000000342471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.136{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50215-false69.192.209.51a69-192-209-51.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.132{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60140- 354300x8000000000000000342469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.130{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50214-false23.48.205.83a23-48-205-83.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.107{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50212-false69.192.209.51a69-192-209-51.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.103{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50210-false23.48.205.83a23-48-205-83.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.100{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50213-false52.73.161.63ec2-52-73-161-63.compute-1.amazonaws.com443https 354300x8000000000000000342465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.099{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50211-false23.48.205.83a23-48-205-83.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.090{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63192- 354300x8000000000000000342463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.089{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64325- 354300x8000000000000000342462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.088{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55831- 354300x8000000000000000342461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.085{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61647- 354300x8000000000000000342460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.084{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56592- 354300x8000000000000000342459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.083{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56305- 354300x8000000000000000342458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.977{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50209-false10.0.1.12ip-10-0-1-12.us-east-2.compute.internal8089- 23542300x8000000000000000342457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.889{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16FA4C79BF08AF9046AAE8AA15160E31,SHA256=8E69FBABBF6F741B05423F57E23E90F107B6B3A90440A2FF5375F82765B9E0AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000342456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.878{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000342450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.796{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.796{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000342448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.795{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000342447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.794{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 23542300x8000000000000000342446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.785{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\indexMD5=DF5B253A35AB153D699566D354497BD8,SHA256=2BBF5C3631BB46CAFEB969F3E6C25FEC2CEF06D52EF3EFD68AE098F311B97DAD,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.775{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.774{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000342443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.773{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000342442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.773{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 734700x8000000000000000342441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.762{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000342440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.762{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000342439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.761{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000342438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.761{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000342437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.761{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000342436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.761{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000342435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.760{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 734700x8000000000000000342434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.760{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000342433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.760{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000342432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.760{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000342430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000342428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.759{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000342425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.758{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 734700x8000000000000000342424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.758{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.758{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000342422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.757{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000342421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.757{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000342420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.757{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.757{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.756{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000342417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.756{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000342416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.756{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.756{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.755{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.754{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 23542300x8000000000000000342412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.754{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D56223ACF66F4E2D8D0AD6F2BD345074,SHA256=CDEC9DBAAA346DD899900890040AD84AC90FD85AE3D840C7F9C09066C186AE9D,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.753{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.752{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.751{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000342408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.748{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.745{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.743{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.741{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.738{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.2.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=92BD3C71158FA8B9A0821D43564A56E7,SHA256=7850C91F8D08679D7A0579D350C08CA6F6EDEA8A12226ADC2E30B4ABF8CE0BE2,IMPHASH=FD2D4472615B421BAEF1D51F46EF5F52trueSplunk, Inc.Valid 10341000x8000000000000000342403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.736{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.736{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.736{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.735{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.735{6820D070-4ACF-6323-0500-000000007502}404520C:\Windows\system32\csrss.exe{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.734{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.734{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.2.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=92BD3C71158FA8B9A0821D43564A56E7,SHA256=7850C91F8D08679D7A0579D350C08CA6F6EDEA8A12226ADC2E30B4ABF8CE0BE2,IMPHASH=FD2D4472615B421BAEF1D51F46EF5F52{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000342396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.684{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61637- 354300x8000000000000000342395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.684{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60915- 23542300x8000000000000000342394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.720{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyyifi8m.default-release\storage\default\https+++www.tutorialspoint.com\ls\data.sqlite-journalMD5=7BD846687A299E1AE83C2F4A27AE9262,SHA256=FEC933A3B73800E7CD36683FAAAE7EFD0534065B236890D116C6985047C53C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000342393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.709{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyyifi8m.default-release\storage\default\https+++www.tutorialspoint.com\ls\data.sqlite-journalMD5=33D4D8A815DCE0C2199C431E68B18AA5,SHA256=E46AEE76B266CC17F7C33A61237F1B948B2F6BFAA7CE6BE5031F8DAAD361566E,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.696{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mfperfhelper.dll10.0.14393.0 (rs1_release.160715-1616)MFPerf DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfperfhelper.dllMD5=DAD53152E620AB1D256F531CCDDF4C96,SHA256=577A697C088A319A9839989E18548F46121E661D56C701DE0360905E814BC12D,IMPHASH=A00BC62B03D75EE2D584A9E7EFBA79A6trueMicrosoft WindowsValid 23542300x8000000000000000342391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.696{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyyifi8m.default-release\storage\default\https+++www.tutorialspoint.com\ls\data.sqlite-journalMD5=BB273CCDFD0003EBEA87883C13BD96E7,SHA256=52671A03B8796CC18E46C6D688C951B7C59DE2314EE47924B1FDDBBAF63A9C32,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.693{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\MSAudDecMFT.dll10.0.14393.206 (rs1_release.160915-0644)Media Foundation Audio DecodersMicrosoft® Windows® Operating SystemMicrosoft CorporationMSAudDecMFT.dllMD5=899A520E5B6B8631DF6863BBD33A4264,SHA256=2A23CAF4CC2D11A20574EDE1755D03F4FF1ECDCE3D626A69D85CFE46703BC97D,IMPHASH=564825227B20C446A4E5874DD1BAF1FAtrueMicrosoft WindowsValid 734700x8000000000000000342389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.691{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msdmo.dll10.0.14393.0 (rs1_release.160715-1616)DMO RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdmo.dllMD5=3246C9C5ECF6555103C7119161ACC8C8,SHA256=3A29292F04B09A91C305062E00756194A83BDEA3ABB1BFB783D908E6D1BEBFBC,IMPHASH=B5AB2AA782AD334C5633AAE30A2CFF41trueMicrosoft WindowsValid 734700x8000000000000000342388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.691{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\MP3DMOD.DLL10.0.14393.0 (rs1_release.160715-1616)Microsoft MP3 Decoder DMOMicrosoft® Windows® Operating SystemMicrosoft Corporationmp3dmod.dllMD5=A9B35CD3C0A14AE1B9DAA8E4114B8E49,SHA256=25142AF94A5C151055C5DAAB89D183F923CE47EE61D8D3B38DE2BC833FC16E18,IMPHASH=33FA1A40805F452D7ED8E842BB1DA59BtrueMicrosoft WindowsValid 18141800x8000000000000000342387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:24.691{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.16300775278136278029C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000342386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:24.691{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.16300775278136278029C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000342385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.686{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyyifi8m.default-release\storage\default\https+++www.tutorialspoint.com\ls\data.sqlite-journalMD5=244C10DE408795F0C61B671692B9B54B,SHA256=80467C2BD5B404EF74ED945744942028F98E04178B5B4104486D9327DF592B7C,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.673{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000342383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.668{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\evr.dll10.0.14393.2515 (rs1_release_1.180830-1044)Enhanced Video Renderer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationevr.dllMD5=4F00E99C3E92226B072C0E80D52A82F4,SHA256=7788212BD473C69B3C8F6705A7470BE783BE0244BC289334EFA579AAD2C9A91C,IMPHASH=C44CF843A574B60FED1B4D29827EBA14trueMicrosoft WindowsValid 734700x8000000000000000342382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.664{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dxva2.dll10.0.14393.0 (rs1_release.160715-1616)DirectX Video Acceleration 2.0 DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdxva2.dllMD5=DE24CAC5A0B3CE1AD8057FE258712365,SHA256=5CA1E7FBA01D92AA3F933A00E495460DC5DB38DAD2CAD370782474F50F9C964E,IMPHASH=338B9EB254A5341CE890B2511DF3DFAEtrueMicrosoft WindowsValid 734700x8000000000000000342381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.663{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mf.dll10.0.14393.5006 (rs1_release.220301-1704)Media Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmf.dllMD5=B3125628D278292F8EB16B1DC0B7DDAF,SHA256=6BF3676FC778B95462F080EA33815AB5FCCC0EA2DE4EB086FCE786E2E1FD2662,IMPHASH=224763A9487AA02E14432742CBC2F08EtrueMicrosoft WindowsValid 734700x8000000000000000342380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.661{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x8000000000000000342379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.659{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x8000000000000000342378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.658{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavutil.dll104.0.2-FirefoxMozilla Foundationmozavutil.dllMD5=93209E2F0966FD267CCA5D52ED209298,SHA256=1B62422C2A6AF6AF87C781291CCE8D5AB31821F77BC1791E43F7A0CF4161B82C,IMPHASH=11BB9E641A35A22B0C79747CAD934F04trueMozilla CorporationValid 734700x8000000000000000342377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.657{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavcodec.dll104.0.2-FirefoxMozilla Foundationmozavcodec.dllMD5=EF512B58F9F81486D14C33A60FCCF6EF,SHA256=DCCC26865E7C4842AC289219E0026654E454C3C1966ABB08D0DE6C25C046EAA9,IMPHASH=3FF103720EF814BD7CF637C6C5C071CFtrueMozilla CorporationValid 734700x8000000000000000342376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.656{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000342375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.656{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000342374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.651{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000342373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.649{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.647{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000342371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.644{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000342370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.642{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000342369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.641{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:24.641{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.27.209039791C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.632{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:24.631{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.623{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000342364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.622{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000342363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.622{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.622{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x8000000000000000342361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.615{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.615{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.615{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000342358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.614{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.613{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.613{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000342355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.611{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x8000000000000000342354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.609{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000342353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.609{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dxgi.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3925E01E00CC6FF3435E0657E78562D0,SHA256=843F42CE8D28816A990ADB0B9393592703F8CE5A4008E5F5513815A2886F973F,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x8000000000000000342352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.609{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000342351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.608{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.607{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d3d11.dll10.0.14393.5006 (rs1_release.220301-1704)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=C9DBBC2C3A27BB195586C3BC3CDBC198,SHA256=005F60E22A386DB12FA086D7E83DE521B00F69B073D1859E4E13C3F745690638,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x8000000000000000342349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.607{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000342348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.605{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\MSAudDecMFT.dll10.0.14393.206 (rs1_release.160915-0644)Media Foundation Audio DecodersMicrosoft® Windows® Operating SystemMicrosoft CorporationMSAudDecMFT.dllMD5=899A520E5B6B8631DF6863BBD33A4264,SHA256=2A23CAF4CC2D11A20574EDE1755D03F4FF1ECDCE3D626A69D85CFE46703BC97D,IMPHASH=564825227B20C446A4E5874DD1BAF1FAtrueMicrosoft WindowsValid 734700x8000000000000000342347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.605{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.604{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.604{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msdmo.dll10.0.14393.0 (rs1_release.160715-1616)DMO RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdmo.dllMD5=3246C9C5ECF6555103C7119161ACC8C8,SHA256=3A29292F04B09A91C305062E00756194A83BDEA3ABB1BFB783D908E6D1BEBFBC,IMPHASH=B5AB2AA782AD334C5633AAE30A2CFF41trueMicrosoft WindowsValid 734700x8000000000000000342344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.603{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.602{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.602{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.602{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\MP3DMOD.DLL10.0.14393.0 (rs1_release.160715-1616)Microsoft MP3 Decoder DMOMicrosoft® Windows® Operating SystemMicrosoft Corporationmp3dmod.dllMD5=A9B35CD3C0A14AE1B9DAA8E4114B8E49,SHA256=25142AF94A5C151055C5DAAB89D183F923CE47EE61D8D3B38DE2BC833FC16E18,IMPHASH=33FA1A40805F452D7ED8E842BB1DA59BtrueMicrosoft WindowsValid 23542300x8000000000000000342340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.601{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\17385MD5=3DC9BC9545DE79F528E88C1B4481CE13,SHA256=168F2ED634A71F06EADCF13A1DE415824D0719DAC6727725146761DC835382D5,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.600{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.599{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.598{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 23542300x8000000000000000342336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.598{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=720C3BE894406154CDCC9EB0E161D2F4,SHA256=E7A2FCA69D4A1CFCD7AFE237953D61D172F2DB285B891191154259210EF37B90,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.598{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.597{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000342333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.597{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mfperfhelper.dll10.0.14393.0 (rs1_release.160715-1616)MFPerf DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfperfhelper.dllMD5=DAD53152E620AB1D256F531CCDDF4C96,SHA256=577A697C088A319A9839989E18548F46121E661D56C701DE0360905E814BC12D,IMPHASH=A00BC62B03D75EE2D584A9E7EFBA79A6trueMicrosoft WindowsValid 734700x8000000000000000342332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.596{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msmpeg2vdec.dll10.0.14393.5006 (rs1_release.220301-1704)Microsoft DTV-DVD Video DecoderMicrosoft® Windows® Operating SystemMicrosoft CorporationMSMPEG2VDEC.dllMD5=F9F5163A7D9FABBA6525A212AB0EA8C8,SHA256=E8426B1A9761BD88599033D091BFBD03A27A23171B159C3BD135C9F10E2A61E1,IMPHASH=6B91AF8A332F21F82F6117F8D9E0B8DBtrueMicrosoft WindowsValid 734700x8000000000000000342331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.596{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.593{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.591{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000342328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.589{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 23542300x8000000000000000342327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.589{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84386CCB9FA9F61E37DCE0781C96DD7E,SHA256=EADA6D8D0A4AF55087A355B913384F038DD2F02FBBAA77251AEFB871344D55BA,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.588{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000342325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.587{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000342324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.587{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.587{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\evr.dll10.0.14393.2515 (rs1_release_1.180830-1044)Enhanced Video Renderer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationevr.dllMD5=4F00E99C3E92226B072C0E80D52A82F4,SHA256=7788212BD473C69B3C8F6705A7470BE783BE0244BC289334EFA579AAD2C9A91C,IMPHASH=C44CF843A574B60FED1B4D29827EBA14trueMicrosoft WindowsValid 734700x8000000000000000342322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.586{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000342321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.585{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dxva2.dll10.0.14393.0 (rs1_release.160715-1616)DirectX Video Acceleration 2.0 DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdxva2.dllMD5=DE24CAC5A0B3CE1AD8057FE258712365,SHA256=5CA1E7FBA01D92AA3F933A00E495460DC5DB38DAD2CAD370782474F50F9C964E,IMPHASH=338B9EB254A5341CE890B2511DF3DFAEtrueMicrosoft WindowsValid 734700x8000000000000000342320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.585{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000342319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.584{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.584{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mf.dll10.0.14393.5006 (rs1_release.220301-1704)Media Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmf.dllMD5=B3125628D278292F8EB16B1DC0B7DDAF,SHA256=6BF3676FC778B95462F080EA33815AB5FCCC0EA2DE4EB086FCE786E2E1FD2662,IMPHASH=224763A9487AA02E14432742CBC2F08EtrueMicrosoft WindowsValid 734700x8000000000000000342317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.582{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x8000000000000000342316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.581{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000342315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.581{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.580{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.580{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x8000000000000000342312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.579{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 23542300x8000000000000000342311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.579{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\17610MD5=8C0D43B108A36B02FB72B6D5ED2932EB,SHA256=8EE9A9CB7581B5DE8324A3E91FC6439CD70186946FC8BFA38E6F7B93183E10C2,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.579{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000342309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.578{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.572{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.572{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.571{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.571{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.570{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.570{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.570{6820D070-4DF8-6323-1B01-000000007502}948C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.27.2090397917\1532420193" -parentBuildID 20220902153754 -sandboxingKind 1 -prefsHandle 8980 -prefMapHandle 3980 -prefsLen 31603 -prefMapSize 231974 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 4292 2612e365048 utilityC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavutil.dll104.0.2-FirefoxMozilla Foundationmozavutil.dllMD5=93209E2F0966FD267CCA5D52ED209298,SHA256=1B62422C2A6AF6AF87C781291CCE8D5AB31821F77BC1791E43F7A0CF4161B82C,IMPHASH=11BB9E641A35A22B0C79747CAD934F04trueMozilla CorporationValid 10341000x8000000000000000342295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavcodec.dll104.0.2-FirefoxMozilla Foundationmozavcodec.dllMD5=EF512B58F9F81486D14C33A60FCCF6EF,SHA256=DCCC26865E7C4842AC289219E0026654E454C3C1966ABB08D0DE6C25C046EAA9,IMPHASH=3FF103720EF814BD7CF637C6C5C071CFtrueMozilla CorporationValid 10341000x8000000000000000342290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.566{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 10341000x8000000000000000342275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.563{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.563{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.563{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 17141700x8000000000000000342270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:24.563{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.27.209039791C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.562{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000342268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.561{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:24.561{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.26.58132647C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.558{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:24.557{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.550{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000342263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.550{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000342262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.549{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.549{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.548{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.548{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000342258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.547{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.547{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.546{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000342255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.546{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000342254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.545{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000342253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.544{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.544{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000342251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.542{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.540{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.539{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.539{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.538{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.537{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.536{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.536{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.535{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000342242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.534{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.534{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.531{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000342239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.530{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000342238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.529{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000342237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.528{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.527{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000342235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.526{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000342234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.526{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.523{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.523{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.522{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.522{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000342229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.521{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.516{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.516{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.515{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.515{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.515{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.514{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.514{6820D070-4DF8-6323-1A01-000000007502}6424C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.26.581326470\1730321546" -parentBuildID 20220902153754 -prefsHandle 7116 -prefMapHandle 4728 -prefsLen 31603 -prefMapSize 231974 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 8652 2612e2d3f48 rddC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.513{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.513{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.513{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.513{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4D66-6323-EE00-000000007502}5852C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 10341000x8000000000000000342215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.512{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.511{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.510{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.510{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.510{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.510{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.509{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.509{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.509{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.509{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.508{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.508{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.508{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:24.507{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.26.58132647C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.501{6820D070-4D98-6323-0701-000000007502}5152C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavcodec.dll104.0.2-FirefoxMozilla Foundationmozavcodec.dllMD5=EF512B58F9F81486D14C33A60FCCF6EF,SHA256=DCCC26865E7C4842AC289219E0026654E454C3C1966ABB08D0DE6C25C046EAA9,IMPHASH=3FF103720EF814BD7CF637C6C5C071CFtrueMozilla CorporationValid 734700x8000000000000000342192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.500{6820D070-4D98-6323-0701-000000007502}5152C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozavutil.dll104.0.2-FirefoxMozilla Foundationmozavutil.dllMD5=93209E2F0966FD267CCA5D52ED209298,SHA256=1B62422C2A6AF6AF87C781291CCE8D5AB31821F77BC1791E43F7A0CF4161B82C,IMPHASH=11BB9E641A35A22B0C79747CAD934F04trueMozilla CorporationValid 354300x8000000000000000342191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.462{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50208-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.461{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50207-false142.250.191.162ord38s30-in-f2.1e100.net443https 354300x8000000000000000342189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.438{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50206-false142.250.191.162ord38s30-in-f2.1e100.net443https 734700x8000000000000000342188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.400{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000342187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.398{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000342186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.397{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x8000000000000000342185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.425{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50205-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.425{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50204-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.423{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50203-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.422{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50202-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.421{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50201-false142.250.191.161ord38s30-in-f1.1e100.net443https 354300x8000000000000000342180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.403{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59604- 354300x8000000000000000342179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.399{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50200-false142.250.191.162ord38s30-in-f2.1e100.net443https 354300x8000000000000000342178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.383{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62886- 354300x8000000000000000342177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.381{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55874- 354300x8000000000000000342176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.380{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56174- 10341000x8000000000000000342175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.229{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.229{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.229{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.228{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.228{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.228{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000342169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.220{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.220{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000342167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.219{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000342166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.218{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 734700x8000000000000000342165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.216{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.216{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000342163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.216{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000342162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.215{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 734700x8000000000000000342161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.207{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000342160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.207{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.206{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.206{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.206{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000342155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000342153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.204{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000342150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.203{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.203{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000342148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.203{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.203{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000342146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.202{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 734700x8000000000000000342145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.202{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000342144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.202{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000342142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000342140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 734700x8000000000000000342139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000342136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000342135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.201{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000342134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.200{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000342133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.199{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.198{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.197{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.196{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.196{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=679D3E04F6AB7B10FF27D06B29C27A12,SHA256=FF1B5220C99EA6173BE693E1C2D700873ADE2F8A73F503FC0D297EA0792756D1,IMPHASH=05D58741E22C6453F52C1A9326FAF02DtrueSplunk, Inc.Valid 10341000x8000000000000000342128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.195{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.195{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.195{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.195{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.195{6820D070-4ACF-6323-0500-000000007502}404520C:\Windows\system32\csrss.exe{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.194{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.194{6820D070-4DF8-6323-1901-000000007502}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=679D3E04F6AB7B10FF27D06B29C27A12,SHA256=FF1B5220C99EA6173BE693E1C2D700873ADE2F8A73F503FC0D297EA0792756D1,IMPHASH=05D58741E22C6453F52C1A9326FAF02D{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x8000000000000000342121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.156{6820D070-4DF6-6323-1501-000000007502}6864C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 23542300x8000000000000000342120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.144{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\9373MD5=600925888DCECECCF117805A1A4E60A9,SHA256=68D5B033F7C9C0FC6763D5BAF36B8065F25C3230F699E49D914D8E75E3B1BCD2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000342119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.062{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF6-6323-1501-000000007502}6864C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f 22542200x8000000000000000342118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.086{6820D070-4D64-6323-ED00-000000007502}6140t.teads.tv0type: 5 t.teads.tv.edgekey.net;type: 5 e9957.d.akamaiedge.net;::ffff:23.48.205.83;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:22.416{6820D070-4D64-6323-ED00-000000007502}6140cdn-content.ampproject.org02607:f8b0:4009:804::2001;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000189935Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.211{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B84-6323-9000-000000007602}4336C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189934Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.202{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B83-6323-8F00-000000007602}4236C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189933Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.189{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B82-6323-8E00-000000007602}3356C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189932Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.184{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B82-6323-8700-000000007602}3644C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189931Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.178{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B81-6323-8400-000000007602}3052C:\Windows\System32\rdpclip.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189930Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.166{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B80-6323-8100-000000007602}640C:\Windows\system32\dwm.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189929Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.166{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B7F-6323-7F00-000000007602}1676C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189928Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.162{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4B4B-6323-7B00-000000007602}2656C:\Windows\System32\msdtc.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189927Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.162{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AE3-6323-6D00-000000007602}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189926Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.159{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4ADC-6323-6200-000000007602}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189925Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.154{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD3-6323-4200-000000007602}3036C:\Windows\system32\wbem\wmiprvse.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189924Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.153{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD3-6323-4000-000000007602}3000C:\Windows\system32\conhost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189923Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.151{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD3-6323-3C00-000000007602}2820C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189922Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.149{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD2-6323-2B00-000000007602}2904C:\Windows\system32\conhost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189921Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.148{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD1-6323-2600-000000007602}2612C:\Windows\system32\wbem\unsecapp.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189920Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.146{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD1-6323-2500-000000007602}2360C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189919Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.138{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD1-6323-2200-000000007602}1196C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189918Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.134{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-2100-000000007602}2020C:\Windows\sysmon64.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189917Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.128{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-2000-000000007602}2000C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189916Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.128{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1F00-000000007602}1984C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189915Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.120{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1C00-000000007602}1924C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189914Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.109{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1900-000000007602}1780C:\Windows\System32\spoolsv.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189913Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.097{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1700-000000007602}1228C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189912Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.095{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1600-000000007602}1220C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189911Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.087{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1500-000000007602}1056C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189910Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.047{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1400-000000007602}1048C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189909Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.039{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1300-000000007602}872C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189908Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.029{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1200-000000007602}1008C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000189907Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.017{E743DC12-4AD0-6323-1D00-000000007602}19442908C:\Program Files\Aurora-Agent\aurora-agent.exe{E743DC12-4AD0-6323-1100-000000007602}1000C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000013180610) 10341000x8000000000000000343200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000343195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.694{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 10341000x8000000000000000343193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 10341000x8000000000000000343185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000343182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.693{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2036714979929309955C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.693{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2036714979929309955C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x8000000000000000343174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.692{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000343170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.691{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.691{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000343168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.691{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.691{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000343166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.691{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.690{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000343164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.690{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.689{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.688{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000343161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.687{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.687{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.687{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000343158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.686{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000343157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.686{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.686{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.36.1347607478\1179556380" -childID 33 -isForBrowser -prefsHandle 7420 -prefMapHandle 6988 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5980 2612f6d0248 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000343155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000343151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.684{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000343146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x8000000000000000343142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.683{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000343136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.682{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7f91c|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.681{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 10341000x8000000000000000343128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.680{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.680{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.680{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000343125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.680{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.680{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000343123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.679{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.679{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.31.49646927C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.679{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.679{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.679{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x8000000000000000343118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.678{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.678{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.677{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000343115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.677{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000343114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.676{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.675{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 10341000x8000000000000000343112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.675{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.674{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 10341000x8000000000000000343110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.673{6820D070-4B7C-6323-8800-000000007502}628648C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 734700x8000000000000000343109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.673{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000343108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.673{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.673{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.35.1838670629\1815245939" -childID 32 -isForBrowser -prefsHandle 8840 -prefMapHandle 7844 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6136 2612f44d948 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000343106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.672{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000343105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.672{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 10341000x8000000000000000343104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000343101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.671{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000343093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.670{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.669{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.669{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.669{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 10341000x8000000000000000343076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000343074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.665{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000343072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.665{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000343071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.664{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.664{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.663{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.663{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x8000000000000000343067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.663{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000343063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.661{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.660{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000343059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.659{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.659{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.659{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.659{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 18141800x8000000000000000343055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.658{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.17537434261390808517C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.658{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.17537434261390808517C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.657{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000343052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.655{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7f91c|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.654{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.30.108962691C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.653{6820D070-4B7C-6323-8800-000000007502}628648C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 17141700x8000000000000000343049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.653{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.37.68911627C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.653{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.644{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.34.992401490\1797112337" -childID 31 -isForBrowser -prefsHandle 6608 -prefMapHandle 6612 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 8876 2612f44be48 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 354300x8000000000000000343046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.969{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50228-false142.250.190.106ord37s35-in-f10.1e100.net443https 354300x8000000000000000343045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.943{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55136- 354300x8000000000000000343044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.838{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50227-false68.67.160.75673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net443https 354300x8000000000000000343043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.815{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50226-false68.67.160.75673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net443https 354300x8000000000000000343042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.805{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56802- 354300x8000000000000000343041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.799{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60194- 354300x8000000000000000343040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.686{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58632- 354300x8000000000000000343039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.686{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55202- 354300x8000000000000000343038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.685{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57422- 354300x8000000000000000343037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.685{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64071- 354300x8000000000000000343036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.634{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50225-false69.192.209.51a69-192-209-51.deploy.static.akamaitechnologies.com443https 354300x8000000000000000343035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.614{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64610- 17141700x8000000000000000343034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.651{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.36.134760747C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.646{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.35.183867062C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.646{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.646{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.646{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.645{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.645{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.644{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.643{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 10341000x8000000000000000343025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.643{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.643{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.643{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.643{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.642{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 10341000x8000000000000000343020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.642{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.642{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.642{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.642{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000343016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 10341000x8000000000000000343013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.641{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000343006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.640{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 10341000x8000000000000000343003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000343001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000342998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.639{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000342995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000342993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.638{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 10341000x8000000000000000342987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.637{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000342984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.636{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000342983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.636{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.636{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.636{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.635{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000342979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.635{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000342978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.634{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.634{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000342976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.633{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 10341000x8000000000000000342975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.633{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.633{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.631{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.631{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.631{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000342970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.630{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.630{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000342968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.629{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000342967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.629{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.628{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.628{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.628{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.628{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000342962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.627{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.627{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.627{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000342959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.627{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000342958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.627{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000342957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.626{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 18141800x8000000000000000342956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.626{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.15157304014946469057C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000342955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.625{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.15157304014946469057C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.625{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 734700x8000000000000000342953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.625{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 10341000x8000000000000000342952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.625{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.625{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.33.1059937282\1542977901" -childID 30 -isForBrowser -prefsHandle 6624 -prefMapHandle 6628 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6488 2612f275948 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000342950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.624{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.624{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000342948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.624{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.624{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.624{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 10341000x8000000000000000342945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000342943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000342941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000342939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.623{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 10341000x8000000000000000342935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 10341000x8000000000000000342933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000342931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000342929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000342928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.622{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.29.46343182C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.622{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 10341000x8000000000000000342923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000342921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000342919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000342918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.621{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000342916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 10341000x8000000000000000342912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.620{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 10341000x8000000000000000342909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 10341000x8000000000000000342905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000342903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.619{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.618{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.618{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.618{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.618{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.618{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.617{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.617{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x8000000000000000342895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.617{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.617{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.616{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000342892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.616{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000342889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.615{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.615{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.615{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.615{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000342883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000342882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.614{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.614{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.613{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000342876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.611{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000342875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.610{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000342874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.609{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000342873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.608{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.608{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 10341000x8000000000000000342871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 734700x8000000000000000342870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000342869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000342868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 154100x8000000000000000342866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.606{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.32.234959758\727143238" -childID 29 -isForBrowser -prefsHandle 3360 -prefMapHandle 7176 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6600 2612e5e0548 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000342865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.607{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.606{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.606{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.606{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.605{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000342860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.605{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000342859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.605{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000342858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.604{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.604{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.604{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.604{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 734700x8000000000000000342854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.603{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 10341000x8000000000000000342853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.602{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.602{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.602{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000342850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000342848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000342847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 10341000x8000000000000000342844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.601{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000342840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000342839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.600{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.599{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000342835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.599{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.599{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.599{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.599{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.598{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.598{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.598{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.598{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.598{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000342826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000342824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x8000000000000000342821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.597{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.596{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.596{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000342818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.596{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.596{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.595{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.595{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000342814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.594{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000342813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.593{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000342812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.591{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.591{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.591{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.31.496469274\163692801" -childID 28 -isForBrowser -prefsHandle 6912 -prefMapHandle 6892 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6868 2612a1d4f48 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.590{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.589{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.589{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.589{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.589{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.589{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000342803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000342799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.588{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000342796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 10341000x8000000000000000342790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.587{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 10341000x8000000000000000342788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000342785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.586{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 10341000x8000000000000000342783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 10341000x8000000000000000342779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000342777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000342776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.585{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000342774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000342772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000342771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 10341000x8000000000000000342768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.584{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000342765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000342762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 10341000x8000000000000000342759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000342757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.583{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000342755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.582{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.582{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.582{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000342747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.579{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.581{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.580{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.580{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 17141700x8000000000000000342743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.580{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.34.99240149C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.580{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000342741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.580{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.580{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000342739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.579{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000342738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.579{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BE0753C5DF4E05E61FFFED3F11B0110,SHA256=DC9D28F9E2EEE48942A6C8D08FCEEDF0044C784D2430033851CE49C8103F558C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000342737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.578{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.578{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.578{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.33.105993728C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.577{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000342733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.577{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.575{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000342731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.575{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000342730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.574{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.574{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.574{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000342727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.573{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 17141700x8000000000000000342726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.573{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.32.23495975C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.573{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000342724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.573{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.573{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000342722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=82B4C70E6AA15CE4AABB631DA73429A2,SHA256=80ECB7DFA33366FD12D6796A32E0435355F620DA83A8894D00BBAB09197A0F10,IMPHASH=1BDECF92268D3D3EF70015DDFEB0FFB9trueSplunk, Inc.Valid 734700x8000000000000000342720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000342719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.572{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.571{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.571{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.30.1089626910\1760616962" -childID 27 -isForBrowser -prefsHandle 6784 -prefMapHandle 6788 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6792 2612f260448 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.569{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000342702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.567{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.31.49646927C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4ACF-6323-0500-000000007502}404420C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=82B4C70E6AA15CE4AABB631DA73429A2,SHA256=80ECB7DFA33366FD12D6796A32E0435355F620DA83A8894D00BBAB09197A0F10,IMPHASH=1BDECF92268D3D3EF70015DDFEB0FFB9{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000342692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.565{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000342683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.562{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.561{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.30.108962691C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.560{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.559{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000342678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.559{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.557{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.557{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.555{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.555{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.551{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.550{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.550{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.29.463431823\1880803342" -childID 26 -isForBrowser -prefsHandle 4796 -prefMapHandle 6888 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 6840 2612f260148 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.549{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.549{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.549{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.549{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.546{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.546{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.546{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.545{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.545{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.545{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.545{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.542{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.542{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.542{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.541{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.538{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.29.46343182C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.519{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb 354300x8000000000000000342642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.478{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local64561-false172.217.4.34ord38s18-in-f2.1e100.net443https 10341000x8000000000000000342641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.464{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.464{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.464{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.463{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.463{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.463{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000342635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.440{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f 10341000x8000000000000000342634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.420{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF6-6323-1601-000000007502}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f 354300x8000000000000000342633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.397{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50224-false172.217.4.34ord38s18-in-f2.1e100.net443https 354300x8000000000000000342632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.381{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64560- 354300x8000000000000000342631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.379{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55099- 354300x8000000000000000342630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.348{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54639- 354300x8000000000000000342629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.347{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59147- 354300x8000000000000000342628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.346{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56615- 354300x8000000000000000342627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.343{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58814- 354300x8000000000000000342626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.341{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61693- 354300x8000000000000000342625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.340{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60356- 354300x8000000000000000342624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.295{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50223-false35.170.152.34ec2-35-170-152-34.compute-1.amazonaws.com443https 354300x8000000000000000342623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.294{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50222-false74.119.119.150-443https 354300x8000000000000000342622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.285{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55200- 354300x8000000000000000342621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.283{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50221-false52.223.40.198a6370ebea231e0c9a.awsglobalaccelerator.com443https 354300x8000000000000000342620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.283{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60713- 354300x8000000000000000342619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.283{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53757- 354300x8000000000000000342618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.281{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57194- 354300x8000000000000000342617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.281{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54075- 354300x8000000000000000342616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.279{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53944- 354300x8000000000000000342615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.278{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61607- 354300x8000000000000000342614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.278{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64387- 354300x8000000000000000342613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.272{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50220-false69.192.209.51a69-192-209-51.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.270{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50219-false69.192.209.51a69-192-209-51.deploy.static.akamaitechnologies.com443https 354300x8000000000000000342611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.268{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53531- 354300x8000000000000000342610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.268{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59686- 354300x8000000000000000342609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.267{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56320- 354300x8000000000000000342608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.265{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61514- 354300x8000000000000000342607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.252{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64367- 354300x8000000000000000342606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.229{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61150- 354300x8000000000000000342605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.187{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50218-false52.73.161.63ec2-52-73-161-63.compute-1.amazonaws.com443https 734700x8000000000000000342604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.156{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000342603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.156{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000342602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.152{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.150{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000342600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.150{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D581FF203B6DDDAE91DC9123B93E27D7,SHA256=B9D69DEF5B5970517827A69C7C33051EA324080036427201B82F7FCF185FFEDD,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000342599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.146{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000342598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.145{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000342597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.144{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000342596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.141{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000342595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.140{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.140{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.140{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000342592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.138{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000342591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.136{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000342590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.136{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000342589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.135{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000342588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.135{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000342587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.134{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000342586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.130{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-24C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000342585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.130{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-24C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.128{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000342583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.128{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000342582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.127{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000342581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.113{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.112{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000342579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.111{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 18141800x8000000000000000342578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.111{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.18370384061194943154C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000342577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.111{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.18370384061194943154C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.111{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000342575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.110{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.110{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.28.49449374C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000342573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.106{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000342572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.106{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.101{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000342570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.100{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000342569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.100{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000342568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.100{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000342567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.099{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000342566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.099{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000342565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.098{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000342564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.098{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000342563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.098{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000342562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.097{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000342561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.096{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000342560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.095{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000342559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.094{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000342558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.094{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000342557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.094{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000342556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.094{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000342555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.093{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000342554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.091{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000342553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.088{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000342552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.088{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000342551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.087{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.087{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000342549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.086{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000342548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.086{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000342547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.084{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000342546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.083{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000342545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.083{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000342544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.082{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000342543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.082{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000342542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.082{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000342541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.081{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000342540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.079{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000342539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.079{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000342538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.078{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+e75602|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000342537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.078{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000342536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.078{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000342535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.077{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.072{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.072{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.072{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.072{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.072{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000342529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.071{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000342528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.071{6820D070-4DF9-6323-1D01-000000007502}7048C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.28.494493743\100157754" -childID 25 -isForBrowser -prefsHandle 8908 -prefMapHandle 2452 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 7408 2612e5d1748 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000342527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.070{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.070{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.070{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.070{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.069{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.068{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.068{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.068{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.068{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.068{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.063{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000342501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.063{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.28.49449374C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000342500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.013{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000342499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.012{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000342498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.011{6820D070-4DF8-6323-1C01-000000007502}6284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 22542200x8000000000000000342497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.622{6820D070-4D64-6323-ED00-000000007502}6140studio-t.teads.tv0type: 5 studio-t.teads.tv.edgekey.net;type: 5 e9957.e4.akamaiedge.net;::ffff:69.192.209.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.293{6820D070-4D64-6323-ED00-000000007502}6140ds-pr-bh.ybp.gysm.yahoodns.net02600:1f18:4e9:5a02:b371:809f:9514:eb53;2600:1f18:4e9:5a05:19c6:8f54:3d13:3206;2600:1f18:4e9:5a05:44f2:53f2:bfb5:4a94;2600:1f18:4e9:5a02:7151:3347:86d6:a72f;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.291{6820D070-4D64-6323-ED00-000000007502}6140ds-pr-bh.ybp.gysm.yahoodns.net052.71.220.196;3.224.202.184;35.170.152.34;44.205.131.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.290{6820D070-4D64-6323-ED00-000000007502}6140pr-bh.ybp.yahoo.com0type: 5 ds-pr-bh.ybp.gysm.yahoodns.net;::ffff:44.205.131.114;::ffff:52.71.220.196;::ffff:3.224.202.184;::ffff:35.170.152.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.289{6820D070-4D64-6323-ED00-000000007502}6140pr-bh.ybp.yahoo.com0type: 5 ds-pr-bh.ybp.gysm.yahoodns.net;::ffff:35.170.152.34;::ffff:44.205.131.114;::ffff:52.71.220.196;::ffff:3.224.202.184;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.281{6820D070-4D64-6323-ED00-000000007502}6140e9957.dsce4.akamaiedge.net02600:141b:e800:28e::26e5;2600:141b:e800:28d::26e5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.260{6820D070-4D64-6323-ED00-000000007502}6140e9957.dsce4.akamaiedge.net069.192.209.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.257{6820D070-4D64-6323-ED00-000000007502}6140s8t.teads.tv0type: 5 s8t.teads.tv-v2.edgekey.net;type: 5 e9957.dsce4.akamaiedge.net;::ffff:69.192.209.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.098{6820D070-4D64-6323-ED00-000000007502}6140be-ms.teads.tv9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.096{6820D070-4D64-6323-ED00-000000007502}6140be-ms.teads.tv03.232.210.179;3.233.88.190;34.197.173.108;52.73.161.63;100.26.103.188;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.095{6820D070-4D64-6323-ED00-000000007502}6140be-ms.teads.tv0::ffff:100.26.103.188;::ffff:3.232.210.179;::ffff:3.233.88.190;::ffff:34.197.173.108;::ffff:52.73.161.63;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.094{6820D070-4D64-6323-ED00-000000007502}6140be-ms.teads.tv0::ffff:52.73.161.63;::ffff:100.26.103.188;::ffff:3.232.210.179;::ffff:3.233.88.190;::ffff:34.197.173.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.094{6820D070-4D64-6323-ED00-000000007502}6140e9957.e4.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.092{6820D070-4D64-6323-ED00-000000007502}6140e9957.e4.akamaiedge.net069.192.209.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.091{6820D070-4D64-6323-ED00-000000007502}6140e9957.d.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.090{6820D070-4D64-6323-ED00-000000007502}6140sync.teads.tv0type: 5 sync.teads.tv.edgekey.net;type: 5 e9957.e4.akamaiedge.net;::ffff:69.192.209.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000342481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.089{6820D070-4D64-6323-ED00-000000007502}6140e9957.d.akamaiedge.net023.48.205.83;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000189936Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:25.037{E743DC12-4AE3-6323-6D00-000000007602}3488NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA787BE3130E46F9F7E0C72721426240,SHA256=B52EED7A6C0917F9F7B04616DD8ABC6D0C966CBD60DB7AB571389B492D04E456,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000344498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.978{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000344497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.976{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000344496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.946{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.946{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.946{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.945{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.945{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.945{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.940{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.939{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.933{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000344487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.930{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000344486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.928{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000344485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.924{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000344484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.922{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.922{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.919{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000344481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.917{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000344480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.912{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000344479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.911{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000344478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.911{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.911{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.910{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000344475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.903{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-39C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.903{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-39C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.894{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.892{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000344471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.891{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000344470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.875{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 10341000x8000000000000000344469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.870{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.869{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 18141800x8000000000000000344467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.867{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.6391125599365286369C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.867{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.6391125599365286369C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.866{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000344464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.865{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000344463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.864{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000344462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.864{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.863{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.43.123221422C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.856{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.855{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.852{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000344457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.850{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000344456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.848{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000344455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.847{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000344454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.846{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.845{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.845{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.844{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.843{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.843{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000344448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.842{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.841{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000344446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.837{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000344445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.836{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.836{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.835{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000344442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.835{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000344441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.834{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.834{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000344439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.832{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000344438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.831{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000344437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.831{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.830{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.830{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000344434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.828{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.828{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000344432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.825{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.823{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000344430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.823{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.823{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000344428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.821{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000344427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.820{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000344426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.820{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000344425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.819{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000344424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.818{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000344423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.818{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.816{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.816{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.815{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000344419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.815{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000344418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.812{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.812{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000344416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.812{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000344415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.810{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.810{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 10341000x8000000000000000344413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.809{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.808{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000344411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.808{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000344410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.807{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 10341000x8000000000000000344409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000344405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.804{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000344403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.803{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.803{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.803{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.803{6820D070-4DFA-6323-2E01-000000007502}8704C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.43.1232214228\777843737" -childID 40 -isForBrowser -prefsHandle 9460 -prefMapHandle 9540 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 10096 26129394748 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 354300x8000000000000000344399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.992{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59648- 354300x8000000000000000344398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.987{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54670- 354300x8000000000000000344397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.986{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50262-false67.202.105.21ip21.67-202-105.static.steadfastdns.net443https 354300x8000000000000000344396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.984{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54559- 354300x8000000000000000344395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.974{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56758- 354300x8000000000000000344394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.971{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55676- 354300x8000000000000000344393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.962{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56321- 354300x8000000000000000344392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.962{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64025- 354300x8000000000000000344391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.960{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55128- 354300x8000000000000000344390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.953{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58899- 354300x8000000000000000344389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.952{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56747- 354300x8000000000000000344388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.944{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57273- 354300x8000000000000000344387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.943{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60885- 354300x8000000000000000344386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.942{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58885- 354300x8000000000000000344385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.935{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50259-false216.200.232.253-443https 354300x8000000000000000344384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.933{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50261-false35.211.178.172172.178.211.35.bc.googleusercontent.com443https 354300x8000000000000000344383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.923{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50260-false3.218.90.66ec2-3-218-90-66.compute-1.amazonaws.com443https 354300x8000000000000000344382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.918{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50257-false23.39.61.5a23-39-61-5.deploy.static.akamaitechnologies.com443https 354300x8000000000000000344381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.913{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50258-false3.218.90.66ec2-3-218-90-66.compute-1.amazonaws.com443https 354300x8000000000000000344380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.901{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local61386-false104.22.55.206-443https 354300x8000000000000000344379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.866{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50256-false207.198.113.204-443https 354300x8000000000000000344378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.865{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50254-false3.218.90.66ec2-3-218-90-66.compute-1.amazonaws.com443https 354300x8000000000000000344377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.865{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50255-false205.180.85.172iad02-login.dotomi.com443https 354300x8000000000000000344376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.850{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64239- 354300x8000000000000000344375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.779{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50253-false104.18.25.121-443https 354300x8000000000000000344374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.764{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50249-false35.211.178.172172.178.211.35.bc.googleusercontent.com443https 354300x8000000000000000344373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.764{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50250-false35.211.178.172172.178.211.35.bc.googleusercontent.com443https 354300x8000000000000000344372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.763{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50252-false199.127.204.147-443https 10341000x8000000000000000344371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.802{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.802{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.802{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.802{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000344367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.801{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.801{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.801{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.801{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.801{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.800{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.800{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 10341000x8000000000000000344360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.800{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.800{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.799{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.799{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.799{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.799{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.798{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.798{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.798{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.798{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000344350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.798{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.797{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.797{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.797{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.797{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 10341000x8000000000000000344343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.796{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.795{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.795{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000344337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.795{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.794{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000344335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.794{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.793{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 17141700x8000000000000000344333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.792{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.43.123221422C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000344332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.787{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-38C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.787{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-38C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.786{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000344329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.786{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000344328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.785{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.785{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.785{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000344325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.785{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.784{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000344323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.783{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000344322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.777{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-37C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.777{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-37C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.773{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.772{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 23542300x8000000000000000344318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.766{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\22983MD5=364931B4719C5D74C8FCFBA018DD3300,SHA256=2D30A7D4552EF56C94EA68B72C8CDF1AEBE16E3B031918C3A428E9DBE687ACFB,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000344317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.769{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000344316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.764{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.763{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 18141800x8000000000000000344314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.762{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.12512446268011234564C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.762{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.12512446268011234564C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.761{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000344311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.759{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000344310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.758{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.758{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.42.177103838C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.750{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.749{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.745{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000344305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.744{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000344304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.740{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000344303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.739{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000344302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.739{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.739{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.738{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.738{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.738{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.738{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 10341000x8000000000000000344296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.737{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.737{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.736{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000344293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.735{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 23542300x8000000000000000344292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.734{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\23108MD5=1571F4F6A3D838A2BE5BAB44C8EAB3D8,SHA256=18E303DFF0AD86D20582ECF8A1E7A98680D1FAAA5F682939679FEA6D18F12671,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000344291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.733{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000344290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.733{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.733{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.732{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000344287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.731{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000344286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.731{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000344285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.730{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000344284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.730{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.729{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 18141800x8000000000000000344282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.727{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.8017165376195882793C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.727{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.8017165376195882793C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.726{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000344279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.724{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 10341000x8000000000000000344278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.723{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.723{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.722{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.722{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 23542300x8000000000000000344274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.722{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\22480MD5=87AF2538061823B6E236A15FCAEC919C,SHA256=1556C0ACBF31BC8DA6886403B35D976FBF35865DF9C9097F09C6369EC01CAAD5,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000344273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.720{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.720{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000344271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.717{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000344270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.717{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 18141800x8000000000000000344269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.716{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.40.186030653C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.716{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000344267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.716{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000344266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.715{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000344265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.714{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000344264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.714{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000344263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.711{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.711{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000344261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.711{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.710{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.709{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.709{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.708{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.706{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.706{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000344254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.705{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.704{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.704{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.704{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.703{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000344249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.703{6820D070-4D64-6323-ED00-000000007502}6140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\qyyifi8m.default-release\cache2\doomed\19842MD5=BCC6E226CF8475810778E538CF42BACB,SHA256=531BC5C4D633E8C3785903FB3BC66DD79178D44A558B33880F67ABE07D9FDF26,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000344248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.699{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.699{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.699{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 154100x8000000000000000344245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.699{6820D070-4DFA-6323-2D01-000000007502}8560C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.42.1771038388\153705863" -childID 39 -isForBrowser -prefsHandle 10144 -prefMapHandle 10156 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 9920 2612fcad648 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000344244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.699{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 10341000x8000000000000000344243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 10341000x8000000000000000344239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.697{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 10341000x8000000000000000344236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.696{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.696{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000344234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.696{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.696{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.695{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 10341000x8000000000000000344230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.694{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 10341000x8000000000000000344224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.693{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.692{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.691{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.691{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 10341000x8000000000000000344218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.690{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.690{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.689{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.689{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000344214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.689{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.689{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.689{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.688{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.688{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.688{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.688{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000344207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.687{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.687{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.686{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000344204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.685{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.685{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000344202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.684{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 23542300x8000000000000000344201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.684{6820D070-4AF2-6323-7D00-000000007502}3084NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=20C912DAA80FD013F21633C844DA59F5,SHA256=B64BF18552C51AE1F0861849FBBC2CBD7A31DEB9C285C6D296A542FCD4CA4198,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000344200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.683{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000344199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.681{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000344198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.680{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 17141700x8000000000000000344197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.680{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.42.177103838C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.680{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.680{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.679{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.679{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000344192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.678{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.676{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000344190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.676{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 18141800x8000000000000000344189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.674{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-36C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.674{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-36C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.671{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.671{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000344185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.670{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000344184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.666{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.666{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000344182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.662{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000344181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.657{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000344180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.655{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.654{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.654{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000344177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.651{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.651{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000344175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.650{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.649{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2268168450521352753C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.649{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2268168450521352753C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.649{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000344171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.649{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000344170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.648{6820D070-4DFA-6323-2A01-000000007502}82408244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+610325|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+60fe56|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+60943|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+60f97|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+9e7f20|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.648{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000344168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.647{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000344167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.646{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000344166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.645{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.645{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 18141800x8000000000000000344164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.645{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.41.145357624C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.643{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.643{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.643{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.642{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.632{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.631{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.630{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000344156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.630{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000344155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.629{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000344154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.628{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000344153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.626{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000344152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.625{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000344151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.625{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000344150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.624{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000344149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.624{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.623{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.623{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.623{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.622{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.622{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000344143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.621{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000344142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.621{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.621{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000344140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.619{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000344139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.618{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.616{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.616{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000344136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.616{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000344135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.615{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.615{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000344133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.612{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000344132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.610{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000344131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.608{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.607{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.607{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.607{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000344127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.606{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000344126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.602{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.602{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000344124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.600{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000344123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.599{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000344122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.598{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.598{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000344120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.598{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000344119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.597{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000344118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.596{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000344117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.596{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.596{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.596{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000344114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.596{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000344113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.595{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.594{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000344111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.593{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.593{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000344109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.592{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.592{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000344107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.592{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.591{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.575{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.574{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.574{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.574{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.574{6820D070-4DFA-6323-2C01-000000007502}8504C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.41.1453576244\1501109275" -childID 38 -isForBrowser -prefsHandle 9936 -prefMapHandle 9920 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 10028 261302fa448 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000344100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.573{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.573{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.572{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.572{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.572{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.572{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.571{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.571{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.571{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.570{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.568{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.567{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.566{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.565{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.564{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.558{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.557{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.557{6820D070-4DFA-6323-2B01-000000007502}8496C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.40.1860306530\1512722994" -childID 37 -isForBrowser -prefsHandle 9976 -prefMapHandle 5364 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 9836 2612ffe3848 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000344071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.556{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.41.145357624C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.556{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.556{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.555{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.555{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.555{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.555{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.554{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.554{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.554{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.551{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.550{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.548{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.547{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.544{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.543{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.543{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.543{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.542{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.542{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.540{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000344044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.537{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.40.186030653C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.532{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.531{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.531{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.528{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.492{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 354300x8000000000000000344038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.758{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60999- 354300x8000000000000000344037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.757{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50251-false199.38.167.129-443https 354300x8000000000000000344036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.755{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56681- 354300x8000000000000000344035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.752{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50248-false35.227.252.103-443https 354300x8000000000000000344034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.752{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50247-false69.173.151.100-443https 354300x8000000000000000344033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.751{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58696- 354300x8000000000000000344032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.750{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50246-false54.236.105.82ec2-54-236-105-82.compute-1.amazonaws.com443https 354300x8000000000000000344031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.712{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59103- 354300x8000000000000000344030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.712{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59358- 354300x8000000000000000344029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.711{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57473- 354300x8000000000000000344028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.711{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53941- 354300x8000000000000000344027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.710{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59075- 354300x8000000000000000344026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.710{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59873- 354300x8000000000000000344025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.708{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54325- 354300x8000000000000000344024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.708{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60182- 354300x8000000000000000344023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.707{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57576- 354300x8000000000000000344022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.697{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60536- 354300x8000000000000000344021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.694{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57293- 354300x8000000000000000344020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.686{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50243-false23.39.60.27a23-39-60-27.deploy.static.akamaitechnologies.com443https 354300x8000000000000000344019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.679{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50242-false13.33.165.6server-13-33-165-6.yto50.r.cloudfront.net443https 354300x8000000000000000344018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.677{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54587- 354300x8000000000000000344017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.675{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53733- 354300x8000000000000000344016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.674{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55170- 354300x8000000000000000344015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.673{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60310- 354300x8000000000000000344014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.672{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64045- 354300x8000000000000000344013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.671{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54425- 354300x8000000000000000344012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.668{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64209- 354300x8000000000000000344011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.668{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58616- 354300x8000000000000000344010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.664{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61069- 354300x8000000000000000344009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.663{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57703- 354300x8000000000000000344008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.662{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64535- 354300x8000000000000000344007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.661{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54261- 354300x8000000000000000344006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.661{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61623- 354300x8000000000000000344005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.660{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64753- 354300x8000000000000000344004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.660{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50241-false104.22.55.206-443https 354300x8000000000000000344003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.659{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55941- 354300x8000000000000000344002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.658{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59974- 354300x8000000000000000344001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.658{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60666- 354300x8000000000000000344000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.658{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53480- 354300x8000000000000000343999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.658{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59516- 354300x8000000000000000343998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.657{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63066- 354300x8000000000000000343997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.656{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55817- 354300x8000000000000000343996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.650{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58699- 354300x8000000000000000343995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.645{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58782- 354300x8000000000000000343994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.640{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54937- 354300x8000000000000000343993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.639{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58506- 354300x8000000000000000343992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.636{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53635- 10341000x8000000000000000343991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.392{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000343990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.629{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64603- 354300x8000000000000000343989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.623{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50239-false104.98.89.221a104-98-89-221.deploy.static.akamaitechnologies.com443https 354300x8000000000000000343988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.617{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55898- 354300x8000000000000000343987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.616{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50240-false35.71.139.29afb83dd09526a6517.awsglobalaccelerator.com443https 354300x8000000000000000343986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.616{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61055- 10341000x8000000000000000343985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.391{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000343984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.614{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63679- 354300x8000000000000000343983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.610{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50238-false146.75.33.108-443https 354300x8000000000000000343982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.607{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54405- 354300x8000000000000000343981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.602{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53568- 10341000x8000000000000000343980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.391{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000343979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.597{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62916- 354300x8000000000000000343978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.596{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50237-false23.39.37.13a23-39-37-13.deploy.static.akamaitechnologies.com443https 354300x8000000000000000343977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.596{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55556- 354300x8000000000000000343976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.596{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63768- 354300x8000000000000000343975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.594{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61994- 10341000x8000000000000000343974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.391{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000343973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.594{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50234-false23.53.112.201a23-53-112-201.deploy.static.akamaitechnologies.com443https 354300x8000000000000000343972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.591{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60583- 354300x8000000000000000343971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.589{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54649- 354300x8000000000000000343970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.588{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50236-false104.18.24.121-443https 354300x8000000000000000343969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.587{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50235-false99.86.224.69server-99-86-224-69.iad79.r.cloudfront.net443https 354300x8000000000000000343968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.586{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64019- 354300x8000000000000000343967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.586{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50233-false34.98.64.218218.64.98.34.bc.googleusercontent.com443https 354300x8000000000000000343966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.577{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56004- 354300x8000000000000000343965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.577{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61356- 354300x8000000000000000343964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.577{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56425- 354300x8000000000000000343963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.575{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61118- 354300x8000000000000000343962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.574{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58228- 354300x8000000000000000343961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.573{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58389- 354300x8000000000000000343960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.573{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58098- 354300x8000000000000000343959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.571{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59081- 734700x8000000000000000343958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.360{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x8000000000000000343957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.357{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x8000000000000000343956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.330{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.326{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000343954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.324{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000343953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.319{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 734700x8000000000000000343952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.315{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.314{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000343950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.313{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000343949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.312{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 734700x8000000000000000343948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.286{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000343947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.285{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000343946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.285{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000343945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.283{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000343944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.283{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000343943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.281{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 734700x8000000000000000343942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.281{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000343941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.280{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000343940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.280{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000343939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.279{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000343938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.279{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 734700x8000000000000000343937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.279{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000343936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.279{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000343935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.278{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.277{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.276{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.276{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.275{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.275{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.275{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000343928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.275{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.274{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.274{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000343925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.273{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000343924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.273{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.272{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.272{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000343921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.271{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000343920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.269{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.252{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000343918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.251{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.251{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000343916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.250{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.250{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.248{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.2.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=C8BED8D054FDE4C4222F39C750539874,SHA256=765D1E768D7027343C681DF3B2F6113ED0337F7179CDAE9CF89979A8725CE490,IMPHASH=5DCBAD7446F97D73DA1DA121D8CD8778trueSplunk, Inc.Valid 10341000x8000000000000000343913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.240{6820D070-4ACF-6323-0500-000000007502}404520C:\Windows\system32\csrss.exe{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000343912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.239{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.239{6820D070-4DFA-6323-2A01-000000007502}8240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.2.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=C8BED8D054FDE4C4222F39C750539874,SHA256=765D1E768D7027343C681DF3B2F6113ED0337F7179CDAE9CF89979A8725CE490,IMPHASH=5DCBAD7446F97D73DA1DA121D8CD8778{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x8000000000000000343910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.186{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.185{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000343908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.178{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.177{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.174{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.174{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.174{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.173{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.171{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.169{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.168{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.164{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.163{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.161{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 10341000x8000000000000000343896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.161{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.161{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.159{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.159{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.155{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.155{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.150{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 18141800x8000000000000000343889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.150{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-35C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.150{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-35C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.150{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.149{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.147{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.145{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000343883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.132{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.131{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.118{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000343880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.117{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.114{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.114{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.112{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.109{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.089{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.16229177289342416004C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.089{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.16229177289342416004C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.081{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.080{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.079{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.079{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.078{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.077{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000343867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.075{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7f91c|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.074{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 18141800x8000000000000000343865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.074{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.39.22602867C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.071{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.069{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.068{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.067{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.066{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.063{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.063{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.054{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.049{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.049{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.043{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000343853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.042{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.042{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.042{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.042{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000343849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.041{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.041{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.040{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.040{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.040{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 10341000x8000000000000000343844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.038{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.037{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.036{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.035{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.034{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.034{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 10341000x8000000000000000343838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.032{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.031{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.031{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x8000000000000000343835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.031{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.030{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.028{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000343832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:26.024{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-34C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:26.024{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-34C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.023{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.023{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.022{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.022{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.022{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000343825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.018{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.018{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.017{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.017{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.017{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.017{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.016{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.015{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.015{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.014{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.014{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.013{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.013{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.013{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.013{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.012{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000343809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.012{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.011{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.011{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.011{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000343805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.010{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.010{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.010{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000343802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.009{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.007{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000343800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.007{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.006{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.006{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000343797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.005{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.005{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.005{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000343794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.005{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.004{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.002{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000343791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.002{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.001{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 10341000x8000000000000000343789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.001{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.000{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.000{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.999{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.998{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.998{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.997{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000343782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.997{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000343781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.996{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.995{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.995{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.992{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 18141800x8000000000000000343777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.992{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-33C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.992{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-33C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.991{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.990{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.990{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000343772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.989{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x8000000000000000343771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.989{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.989{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.988{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-32C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.988{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-32C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.988{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.987{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 10341000x8000000000000000343765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.987{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.987{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.986{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.986{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000343761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.985{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.983{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000343759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.981{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.981{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.981{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.981{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.979{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.979{6820D070-4DF7-6323-1801-000000007502}6996C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x8000000000000000343753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.974{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.971{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.969{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.968{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.967{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.967{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.966{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.966{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 10341000x8000000000000000343745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.966{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.966{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.966{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000343742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.965{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.965{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000343740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.964{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000343739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.964{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 18141800x8000000000000000343738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.964{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-31C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.964{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-31C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.963{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.961{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.960{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.960{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000343732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.960{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.960{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000343730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.960{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.958{6820D070-4B7C-6323-8800-000000007502}628648C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000343728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.957{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.957{6820D070-4DF9-6323-2901-000000007502}7704C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.39.226028675\1566391436" -childID 36 -isForBrowser -prefsHandle 5364 -prefMapHandle 5660 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 9504 2612f1dd548 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000343726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.956{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.956{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.956{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.955{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.953{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.953{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.952{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000343719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.951{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.951{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.951{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.950{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.950{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.949{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.948{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 18141800x8000000000000000343712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.947{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-30C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.947{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-30C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.947{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 18141800x8000000000000000343709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.944{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2212280570039947566C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.944{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2212280570039947566C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.942{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.939{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000343705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.939{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.939{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.935{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 10341000x8000000000000000343702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.934{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.934{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.38.94187970C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.933{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.933{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.933{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000343697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.930{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.930{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.929{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.929{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.929{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.927{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 10341000x8000000000000000343691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.926{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.924{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.922{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.921{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 18141800x8000000000000000343687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.921{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.4533594366236484243C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.921{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.4533594366236484243C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.921{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 10341000x8000000000000000343684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.921{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.920{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.919{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.918{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.918{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 10341000x8000000000000000343679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.918{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.917{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.915{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.914{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.37.68911627C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.913{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.913{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.913{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.913{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.912{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.912{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.911{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.911{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.907{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.906{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.906{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000343664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.905{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.905{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 18141800x8000000000000000343662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.903{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-29C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.903{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-29C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.902{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000343659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.901{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.900{6820D070-4DF9-6323-1F01-000000007502}70285960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+606005|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+605b36|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+75996|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+9dd220|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.900{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x8000000000000000343656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.899{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 10341000x8000000000000000343655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.898{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.897{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.897{6820D070-4DF9-6323-1F01-000000007502}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000343652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.896{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.896{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.896{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.895{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.895{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.895{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.894{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.892{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.892{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.891{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.890{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.889{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.888{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000343639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.888{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.888{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.887{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000343636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.884{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.883{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.881{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 18141800x8000000000000000343633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.879{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.12682766706633186831C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.879{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.12682766706633186831C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.879{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.878{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.878{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.876{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.875{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.874{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 10341000x8000000000000000343625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.872{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.872{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000343623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.872{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.871{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.871{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.869{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000343619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.867{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.867{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.867{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.867{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.863{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 17141700x8000000000000000343609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.862{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.39.22602867C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.858{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.857{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 354300x8000000000000000343606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.274{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61785- 354300x8000000000000000343605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.242{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54831- 354300x8000000000000000343604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.241{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61137- 734700x8000000000000000343603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.857{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 354300x8000000000000000343602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.240{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54859- 734700x8000000000000000343601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.856{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.856{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000343599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.855{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-28C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.855{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-28C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000343597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.850{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2400776177251426825C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.850{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.2400776177251426825C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.847{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.846{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.845{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000343592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.843{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.843{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.842{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.835{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.834{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.834{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.834{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.834{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.833{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000343583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.833{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.833{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.833{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.832{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.832{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.832{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.832{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.831{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.830{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.828{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.826{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000343572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.825{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.825{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.825{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.823{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000343568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.823{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.823{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.823{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000343565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.822{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.821{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 10341000x8000000000000000343563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.821{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.820{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 18141800x8000000000000000343561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.820{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.33.105993728C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.818{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.817{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.817{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 18141800x8000000000000000343557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.817{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.3334851256529821816C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.817{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.3334851256529821816C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.817{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.817{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.816{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000343552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.816{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.816{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.815{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.815{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000343548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.815{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.815{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.814{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.35.183867062C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.814{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.814{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.813{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.810{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000343541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.809{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000343540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.808{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.807{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000343538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.806{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000343537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.805{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.805{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.804{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.804{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.802{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 10341000x8000000000000000343532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.800{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.801{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000343530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.801{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000343529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.800{6820D070-4AD1-6323-0C00-000000007502}828940C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.799{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000343527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.799{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.798{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000343525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.797{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000343524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.797{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.796{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000343522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.796{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 18141800x8000000000000000343521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.795{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.32.23495975C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.795{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000343519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.795{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.795{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.794{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.794{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000343515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.794{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000343514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.793{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.793{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 18141800x8000000000000000343512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.793{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.793{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.793{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000343509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.791{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.789{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000343507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.789{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 18141800x8000000000000000343506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.787{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.15741628267890577205C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.787{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.15741628267890577205C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.787{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 10341000x8000000000000000343503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.787{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.786{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.786{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.786{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000343499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.785{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.36.134760747C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 10341000x8000000000000000343495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.784{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.784{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 10341000x8000000000000000343492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.783{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000343491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.783{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.783{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000343489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.782{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000343488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.782{6820D070-4DF9-6323-2801-000000007502}7392C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.38.941879703\917346091" -childID 35 -isForBrowser -prefsHandle 5588 -prefMapHandle 5740 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 9272 26122d5bc48 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000343487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.782{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.781{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.781{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 10341000x8000000000000000343484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 10341000x8000000000000000343475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.779{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.3428666038158648819C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.778{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.3428666038158648819C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.778{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.778{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.778{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.778{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.778{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000343460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 18141800x8000000000000000343455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.776{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.34.99240149C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000343451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.775{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000343449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.775{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000343448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.775{6820D070-4ACF-6323-0B00-000000007502}620668C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.774{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.774{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000343445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.774{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 17141700x8000000000000000343444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.772{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.38.94187970C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.772{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000343441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.770{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.770{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000343439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.770{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.770{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000343437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.768{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.768{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.768{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.768{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.764{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000343432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.763{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000343431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.763{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.762{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000343429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.762{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.761{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000343427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.760{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.760{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000343425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.758{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.758{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.758{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.757{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.757{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.757{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000343419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.756{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000343418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.756{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.756{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.756{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000343415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.756{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.754{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000343413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.750{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.749{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.749{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.748{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.748{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000343408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.746{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 18141800x8000000000000000343407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.746{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.745{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000343405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.744{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 10341000x8000000000000000343404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.740{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.743{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.741{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 10341000x8000000000000000343401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.740{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.739{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.739{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.737{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.737{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.737{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.736{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.736{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.736{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000343392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.735{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.735{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.735{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 10341000x8000000000000000343389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.735{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.735{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 10341000x8000000000000000343387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.734{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.733{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.732{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.731{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 18141800x8000000000000000343383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.731{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-27C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.731{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-27C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.730{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.730{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.729{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000343378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.729{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000343377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.729{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.728{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.728{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000343374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.728{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000343373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.728{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.728{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000343371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.726{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000343370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.725{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.725{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.724{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.724{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.723{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.723{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000343364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.722{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.722{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.722{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.720{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.720{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.719{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.719{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.718{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000343356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.717{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.717{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000343354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.716{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000343353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.716{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.716{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 10341000x8000000000000000343351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.716{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.716{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.715{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000343348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.715{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000343347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.715{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.715{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000343345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.714{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.713{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000343343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.713{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000343342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.713{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.712{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000343340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.712{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000343339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.711{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.711{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x8000000000000000343337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4AD1-6323-0C00-000000007502}8283184C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.710{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.710{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000343334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.710{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000343333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.710{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000343332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.710{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000343331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.709{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.709{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000343329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.709{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000343328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.709{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000343326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000343323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000343322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000343321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.707{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000343320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.707{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000343319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.707{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000343318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.706{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000343317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.706{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 10341000x8000000000000000343316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.705{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.705{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000343314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.704{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.704{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000343312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.704{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x8000000000000000343311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.703{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.702{6820D070-4DF9-6323-1E01-000000007502}7164C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000343309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.702{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.702{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.702{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.701{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000343305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.701{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-26C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.701{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-26C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000343303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.701{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.701{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000343301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.700{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000343300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.700{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000343299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.700{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000343298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.700{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000343297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.699{6820D070-4B7C-6323-8800-000000007502}6284268C:\Windows\system32\csrss.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 734700x8000000000000000343296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.699{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000343295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0885|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 154100x8000000000000000343293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.37.689116274\1853029452" -childID 34 -isForBrowser -prefsHandle 6860 -prefMapHandle 6880 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5204 2612e5d2348 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 22542200x8000000000000000343292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.067{6820D070-4D64-6323-ED00-000000007502}6140iad-2-sync.go.sonobi.com069.166.1.12;69.166.1.10;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.066{6820D070-4D64-6323-ED00-000000007502}6140sync.go.sonobi.com0type: 5 iad-2-sync.go.sonobi.com;::ffff:69.166.1.10;::ffff:69.166.1.12;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.065{6820D070-4D64-6323-ED00-000000007502}6140sync.go.sonobi.com0type: 5 iad-2-sync.go.sonobi.com;::ffff:69.166.1.12;::ffff:69.166.1.10;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.001{6820D070-4D64-6323-ED00-000000007502}6140creativecdn.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.982{6820D070-4D64-6323-ED00-000000007502}6140ads.stickyadstv.com0type: 5 ip1.ads.stickyadstv.com.akadns.net;type: 5 ip2.ads.stickyadstv.com.akadns.net;type: 5 fp6.ads.stickyadstv.com.akadns.net;::ffff:38.98.139.151;::ffff:38.98.139.150;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.979{6820D070-4D64-6323-ED00-000000007502}6140ssum.casalemedia.com.cdn.cloudflare.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.977{6820D070-4D64-6323-ED00-000000007502}6140creativecdn.com0185.184.8.90;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.967{6820D070-4D64-6323-ED00-000000007502}6140ads.stickyadstv.com0type: 5 ip1.ads.stickyadstv.com.akadns.net;type: 5 ip2.ads.stickyadstv.com.akadns.net;type: 5 fp6.ads.stickyadstv.com.akadns.net;::ffff:38.98.139.150;::ffff:38.98.139.151;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.966{6820D070-4D64-6323-ED00-000000007502}6140creativecdn.com0::ffff:185.184.8.90;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.965{6820D070-4D64-6323-ED00-000000007502}6140ssum.casalemedia.com.cdn.cloudflare.net0104.18.19.126;104.18.18.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.862{6820D070-4D64-6323-ED00-000000007502}6140production-loadbalancer-1975618156.eu-central-1.elb.amazonaws.com03.127.18.59;3.74.206.104;18.197.160.71;18.194.202.243;18.198.12.238;52.28.123.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.860{6820D070-4D64-6323-ED00-000000007502}6140a-prebid.vidoomy.com0type: 5 production-loadbalancer-1975618156.eu-central-1.elb.amazonaws.com;::ffff:52.28.123.190;::ffff:3.127.18.59;::ffff:3.74.206.104;::ffff:18.197.160.71;::ffff:18.194.202.243;::ffff:18.198.12.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.849{6820D070-4D64-6323-ED00-000000007502}6140a-prebid.vidoomy.com0type: 5 production-loadbalancer-1975618156.eu-central-1.elb.amazonaws.com;::ffff:18.198.12.238;::ffff:52.28.123.190;::ffff:3.127.18.59;::ffff:3.74.206.104;::ffff:18.197.160.71;::ffff:18.194.202.243;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.778{6820D070-4D64-6323-ED00-000000007502}6140static.smilewanted.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.765{6820D070-4D64-6323-ED00-000000007502}6140static.smilewanted.com0104.18.25.121;104.18.24.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.764{6820D070-4D64-6323-ED00-000000007502}6140static.smilewanted.com0::ffff:104.18.24.121;::ffff:104.18.25.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.760{6820D070-4D64-6323-ED00-000000007502}6140static.smilewanted.com0::ffff:104.18.25.121;::ffff:104.18.24.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.723{6820D070-4D64-6323-ED00-000000007502}6140rtb.gumgum.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.718{6820D070-4D64-6323-ED00-000000007502}6140rtb.gumgum.com054.205.218.67;18.209.188.131;34.236.30.55;54.205.202.197;3.226.20.33;52.207.167.189;54.236.105.82;54.144.187.195;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.715{6820D070-4D64-6323-ED00-000000007502}6140rtb.gumgum.com0::ffff:54.144.187.195;::ffff:54.205.218.67;::ffff:18.209.188.131;::ffff:34.236.30.55;::ffff:54.205.202.197;::ffff:3.226.20.33;::ffff:52.207.167.189;::ffff:54.236.105.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.713{6820D070-4D64-6323-ED00-000000007502}6140rtb.gumgum.com0::ffff:54.236.105.82;::ffff:54.144.187.195;::ffff:54.205.218.67;::ffff:18.209.188.131;::ffff:34.236.30.55;::ffff:54.205.202.197;::ffff:3.226.20.33;::ffff:52.207.167.189;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.699{6820D070-4D64-6323-ED00-000000007502}6140pixel.33across.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.682{6820D070-4D64-6323-ED00-000000007502}6140pixel.33across.com067.202.105.21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.678{6820D070-4D64-6323-ED00-000000007502}6140e6791.b.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.677{6820D070-4D64-6323-ED00-000000007502}6140prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.675{6820D070-4D64-6323-ED00-000000007502}6140e6791.b.akamaiedge.net023.39.61.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.674{6820D070-4D64-6323-ED00-000000007502}6140prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud054.175.87.114;3.218.90.66;52.45.33.138;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.671{6820D070-4D64-6323-ED00-000000007502}6140ssc-cms.33across.com0type: 5 pixel.33across.com;::ffff:67.202.105.21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.660{6820D070-4D64-6323-ED00-000000007502}6140p.rfihub.com0type: 5 a.rfihub.com;type: 5 a.rfihub.com.akadns.net;type: 5 a-us-east.rfihub.com.akadns.net;::ffff:199.38.167.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.646{6820D070-4D64-6323-ED00-000000007502}6140contextual.media.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.637{6820D070-4D64-6323-ED00-000000007502}6140contextual.media.net023.39.60.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.632{6820D070-4D64-6323-ED00-000000007502}6140contextual.media.net0::ffff:23.39.60.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.627{6820D070-4D64-6323-ED00-000000007502}6140public.servenobid.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.625{6820D070-4D64-6323-ED00-000000007502}6140public.servenobid.com013.33.165.104;13.33.165.79;13.33.165.6;13.33.165.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.624{6820D070-4D64-6323-ED00-000000007502}6140public.servenobid.com0::ffff:13.33.165.27;::ffff:13.33.165.104;::ffff:13.33.165.79;::ffff:13.33.165.6;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.624{6820D070-4D64-6323-ED00-000000007502}6140cdn.connectad.io02606:4700:10::6816:37ce;2606:4700:10::ac43:8ae;2606:4700:10::6816:36ce;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.623{6820D070-4D64-6323-ED00-000000007502}6140public.servenobid.com0::ffff:13.33.165.6;::ffff:13.33.165.27;::ffff:13.33.165.104;::ffff:13.33.165.79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.622{6820D070-4D64-6323-ED00-000000007502}6140cdn.connectad.io0172.67.8.174;104.22.55.206;104.22.54.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.621{6820D070-4D64-6323-ED00-000000007502}6140cdn.connectad.io0::ffff:104.22.54.206;::ffff:172.67.8.174;::ffff:104.22.55.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.612{6820D070-4D64-6323-ED00-000000007502}6140cdn.connectad.io0::ffff:104.22.55.206;::ffff:104.22.54.206;::ffff:172.67.8.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.607{6820D070-4D64-6323-ED00-000000007502}6140us-east-eb2.3lift.com035.71.139.29;52.223.22.214;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.606{6820D070-4D64-6323-ED00-000000007502}6140e8960.b.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.603{6820D070-4D64-6323-ED00-000000007502}6140prod.appnexus.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.602{6820D070-4D64-6323-ED00-000000007502}6140e8037.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.601{6820D070-4D64-6323-ED00-000000007502}6140e8960.b.akamaiedge.net0104.98.89.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.599{6820D070-4D64-6323-ED00-000000007502}6140prod.appnexus.map.fastly.net0146.75.33.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.599{6820D070-4D64-6323-ED00-000000007502}6140e8037.g.akamaiedge.net023.39.37.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.599{6820D070-4D64-6323-ED00-000000007502}6140csync.smilewanted.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.592{6820D070-4D64-6323-ED00-000000007502}6140csync.smilewanted.com0104.18.24.121;104.18.25.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.590{6820D070-4D64-6323-ED00-000000007502}6140sync.serverbid.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.589{6820D070-4D64-6323-ED00-000000007502}6140csync.smilewanted.com0::ffff:104.18.25.121;::ffff:104.18.24.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.588{6820D070-4D64-6323-ED00-000000007502}6140e6603.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.585{6820D070-4D64-6323-ED00-000000007502}6140js-sec.indexww.com0type: 5 js-sec.casalemedia.com.edgekey.net;type: 5 e8037.g.akamaiedge.net;::ffff:23.39.37.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.584{6820D070-4D64-6323-ED00-000000007502}6140sync.serverbid.com099.86.224.24;99.86.224.101;99.86.224.69;99.86.224.25;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.583{6820D070-4D64-6323-ED00-000000007502}6140sync.serverbid.com0::ffff:99.86.224.25;::ffff:99.86.224.24;::ffff:99.86.224.101;::ffff:99.86.224.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.583{6820D070-4D64-6323-ED00-000000007502}6140e6603.g.akamaiedge.net023.53.112.201;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.582{6820D070-4D64-6323-ED00-000000007502}6140csync.smilewanted.com0::ffff:104.18.24.121;::ffff:104.18.25.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.582{6820D070-4D64-6323-ED00-000000007502}6140sync.serverbid.com0::ffff:99.86.224.69;::ffff:99.86.224.25;::ffff:99.86.224.24;::ffff:99.86.224.101;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000343234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.112{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local61278-false142.250.190.38ord37s33-in-f6.1e100.net443https 354300x8000000000000000343233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.061{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50232-false142.250.190.38ord37s33-in-f6.1e100.net443https 354300x8000000000000000343232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.040{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50231-false142.250.190.38ord37s33-in-f6.1e100.net443https 354300x8000000000000000343231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.013{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50230-false23.64.245.189a23-64-245-189.deploy.static.akamaitechnologies.com443https 354300x8000000000000000343230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.007{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50229-false142.250.190.38ord37s33-in-f6.1e100.net443https 354300x8000000000000000343229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.994{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61277- 354300x8000000000000000343228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.993{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54313- 354300x8000000000000000343227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.991{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55684- 354300x8000000000000000343226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.986{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64575- 22542200x8000000000000000343225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.014{6820D070-4D64-6323-ED00-000000007502}6140e7876.dscg.akamaiedge.net02600:1405:9000:1a4::1ec4;2600:1405:9000:18e::1ec4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:24.000{6820D070-4D64-6323-ED00-000000007502}6140e7876.dscg.akamaiedge.net023.64.245.189;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000343223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:23.995{6820D070-4D64-6323-ED00-000000007502}6140secure.insightexpressai.com0type: 5 global-wildcard.insightexpressai.com.edgekey.net;type: 5 e7876.dscg.akamaiedge.net;::ffff:23.64.245.189;C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000343221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000343220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.698{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000343219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000343218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000343217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000343215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 10341000x8000000000000000343214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 18141800x8000000000000000343212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:25.696{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-25C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000343211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:25.696{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-25C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000343210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 10341000x8000000000000000343209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000343207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4DF9-6323-2001-000000007502}6756C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000343206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.696{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000343205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000343203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 10341000x8000000000000000343202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.695{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000189938Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:24.467{E743DC12-4ADC-6323-6200-000000007602}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-ctus-attack-range-102.us-east-2.compute.internal49851-false10.0.1.12ip-10-0-1-12.us-east-2.compute.internal8000- 23542300x8000000000000000189937Microsoft-Windows-Sysmon/Operationalwin-host-ctus-attack-range-102-2022-09-15 16:08:26.203{E743DC12-4AE3-6323-6D00-000000007602}3488NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58F82BFEB1081766D5D1F55E56E5F821,SHA256=D5BAABD8BE9044766DC0F6B8D44DC7C585CAFB7C697F668C38ED39E20B61D33C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000345556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.988{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.988{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.988{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.987{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.987{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.987{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2701-000000007502}7268C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.954{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.954{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.954{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.954{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.954{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.953{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2601-000000007502}7252C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.902{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.902{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.902{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.884{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.884{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.884{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2501-000000007502}7240C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 354300x8000000000000000345538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.026{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63477-false199.187.193.182-443https 354300x8000000000000000345537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:26.007{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63476-false142.250.190.106ord37s35-in-f10.1e100.net443https 354300x8000000000000000345536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.986{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63462-false124.146.215.48-443https 354300x8000000000000000345535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.985{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63473-false104.36.115.114-443https 354300x8000000000000000345534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.981{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63474-false34.236.17.73ec2-34-236-17-73.compute-1.amazonaws.com443https 354300x8000000000000000345533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.974{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63472-false50.31.142.127chi.outbrain.com443https 354300x8000000000000000345532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.946{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54202- 354300x8000000000000000345531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.937{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60488- 354300x8000000000000000345530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.933{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56411- 354300x8000000000000000345529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.922{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58227- 354300x8000000000000000345528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.887{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63471-false104.36.115.114-443https 354300x8000000000000000345527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.880{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63469-false54.87.127.173ec2-54-87-127-173.compute-1.amazonaws.com443https 354300x8000000000000000345526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.878{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63470-false104.18.19.126-443https 354300x8000000000000000345525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.871{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55717- 354300x8000000000000000345524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.870{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63467-false38.91.45.7-443https 354300x8000000000000000345523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.870{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63468-false150.136.156.92-443https 354300x8000000000000000345522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.869{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63466-false34.195.158.163ec2-34-195-158-163.compute-1.amazonaws.com443https 354300x8000000000000000345521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.867{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62835- 354300x8000000000000000345520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.866{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63459-false37.157.2.234-443https 354300x8000000000000000345519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.861{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63465-false34.98.64.218218.64.98.34.bc.googleusercontent.com443https 354300x8000000000000000345518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.855{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63463-false23.202.201.246a23-202-201-246.deploy.static.akamaitechnologies.com443https 354300x8000000000000000345517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.853{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62823- 354300x8000000000000000345516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.852{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63535- 354300x8000000000000000345515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.848{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63464-false146.75.34.49-443https 354300x8000000000000000345514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.835{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59614- 354300x8000000000000000345513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.834{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58512- 354300x8000000000000000345512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.824{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63917- 354300x8000000000000000345511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.808{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54380- 354300x8000000000000000345510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.799{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63460-false69.175.41.15sovrn-193627-chi03-placeholder443https 354300x8000000000000000345509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.799{6820D070-4ACF-6323-0B00-000000007502}620C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63461-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local389ldap 354300x8000000000000000345508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.799{6820D070-4ADF-6323-2600-000000007502}2544C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63461-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local389ldap 354300x8000000000000000345507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.798{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54282- 354300x8000000000000000345506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.797{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54345- 734700x8000000000000000345505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.830{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000345504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.821{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000345503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.790{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.789{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.785{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000345500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.782{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000345499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.779{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000345498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.778{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000345497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.777{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.777{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.776{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000345494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.774{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000345493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.772{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000345492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.771{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000345491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.770{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000345490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.769{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000345489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.767{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000345488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.763{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-45C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.763{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-45C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.759{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000345485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.758{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000345484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.758{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000345483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.735{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.733{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.14676982496085553478C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.733{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.14676982496085553478C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.732{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000345479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.731{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000345478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.730{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000345477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.729{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.728{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.49.121500808C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.724{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000345474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.723{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000345473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.723{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 10341000x8000000000000000345472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.717{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.717{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.704{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000345469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.699{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000345468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.699{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000345467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.696{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000345466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.690{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000345465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.689{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000345464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.689{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000345463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.686{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 734700x8000000000000000345462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.685{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000345461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.684{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000345460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.684{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000345459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.682{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000345458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.682{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000345457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.681{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000345456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.679{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000345455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.679{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.679{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.678{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000345452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.678{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000345451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.677{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000345450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.676{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000345449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.676{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.676{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.676{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000345446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.674{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 734700x8000000000000000345445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.670{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000345444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.670{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000345443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.665{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000345442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.663{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000345441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.663{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000345440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.662{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.662{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000345438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.661{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000345437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.660{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000345436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.657{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000345435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.656{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000345434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.655{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000345433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.654{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000345432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.653{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000345431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.652{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000345430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.651{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000345429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.649{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000345428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.648{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000345427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.648{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000345426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.646{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.5192 (rs1_release.220610-1622)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=B35177BAFC97AEAE651855029064EFD9,SHA256=126CD0C2A881ECB0872E53799662495FB0B763BB94FB3F32E4C67BB1618C9891,IMPHASH=05E3BE6B6949EB358D57BA04AF2EF75AtrueMicrosoft WindowsValid 734700x8000000000000000345425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.642{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000345424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.641{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000345423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.640{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 10341000x8000000000000000345422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.640{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.640{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 10341000x8000000000000000345420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.639{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.638{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.637{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.637{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000345416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.637{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 734700x8000000000000000345415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.636{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000345414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.636{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000345413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.636{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000345412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.635{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000345411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.634{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000345410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.634{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000345409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.634{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000345408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 734700x8000000000000000345407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000345406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000345404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000345403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.633{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000345402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.632{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000345401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.632{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.631{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000345399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.631{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000345398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.631{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000345397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.630{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000345396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.630{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000345395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.628{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.626{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000345393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.625{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.625{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 154100x8000000000000000345391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.624{6820D070-4DFB-6323-3601-000000007502}9464C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.49.1215008086\1294474730" -childID 46 -isForBrowser -prefsHandle 11376 -prefMapHandle 11372 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 11052 2612aac6248 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000345390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.625{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000345389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.625{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.624{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000345387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.623{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000345385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000345384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.2.5Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=40AB9FBBAEDDA47FD9B0A2EC5E183B97,SHA256=8A7CB60452D38C258714CE37C2C490E78007A9E4F4F9A94B270BDBA59FA8F1AE,IMPHASH=35240A25EDE7EC5A65BF627E57E772B9trueSplunk, Inc.Valid 10341000x8000000000000000345382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.619{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 10341000x8000000000000000345375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.618{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000345363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.617{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.616{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ACF-6323-0500-000000007502}404472C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000345356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000345354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4DFB-6323-3501-000000007502}9452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.2.5Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=40AB9FBBAEDDA47FD9B0A2EC5E183B97,SHA256=8A7CB60452D38C258714CE37C2C490E78007A9E4F4F9A94B270BDBA59FA8F1AE,IMPHASH=35240A25EDE7EC5A65BF627E57E772B9{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000345353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.615{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.614{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.610{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.608{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.607{6820D070-4DF9-6323-2401-000000007502}7216C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 10341000x8000000000000000345347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.605{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.605{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.604{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.598{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000345343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.595{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000345342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.592{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 17141700x8000000000000000345341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.591{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.49.121500808C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.590{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000345339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.589{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000345338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.585{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000345337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.584{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.583{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000345335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.796{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60164- 354300x8000000000000000345334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.796{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59769- 354300x8000000000000000345333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.795{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55722- 354300x8000000000000000345332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.795{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61173- 354300x8000000000000000345331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.794{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54878- 354300x8000000000000000345330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.792{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55908- 354300x8000000000000000345329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.791{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63783- 354300x8000000000000000345328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.790{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63452- 354300x8000000000000000345327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.789{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55440- 354300x8000000000000000345326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.788{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62423- 354300x8000000000000000345325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.787{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63973- 354300x8000000000000000345324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.786{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54794- 354300x8000000000000000345323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58937- 354300x8000000000000000345322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.785{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61012- 354300x8000000000000000345321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.782{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60176- 354300x8000000000000000345320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.781{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63891- 354300x8000000000000000345319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.780{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56686- 354300x8000000000000000345318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.779{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64538- 354300x8000000000000000345317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.777{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53589- 354300x8000000000000000345316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60630- 354300x8000000000000000345315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.776{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63038- 354300x8000000000000000345314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.773{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57967- 354300x8000000000000000345313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.773{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54935- 354300x8000000000000000345312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.772{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53446- 354300x8000000000000000345311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62781- 354300x8000000000000000345310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64464- 354300x8000000000000000345309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55727- 354300x8000000000000000345308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56731- 354300x8000000000000000345307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.771{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53445- 354300x8000000000000000345306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.768{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64403- 354300x8000000000000000345305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.767{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63718- 354300x8000000000000000345304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.767{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63042- 354300x8000000000000000345303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.767{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59285- 354300x8000000000000000345302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.767{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53444- 354300x8000000000000000345301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.767{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53443- 354300x8000000000000000345300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.766{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63508- 354300x8000000000000000345299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.761{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57931- 354300x8000000000000000345298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.761{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60850- 354300x8000000000000000345297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.749{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53642- 354300x8000000000000000345296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.748{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55057- 354300x8000000000000000345295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.748{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56150- 354300x8000000000000000345294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.739{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62766- 354300x8000000000000000345293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.737{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56854- 354300x8000000000000000345292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.729{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62927- 354300x8000000000000000345291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.729{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57283- 354300x8000000000000000345290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.720{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local63458-false44.209.207.157ec2-44-209-207-157.compute-1.amazonaws.com443https 354300x8000000000000000345289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.708{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local64614-false64.74.236.127chi.outbrain.com443https 354300x8000000000000000345288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.697{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local64613-false3.228.99.19ec2-3-228-99-19.compute-1.amazonaws.com443https 354300x8000000000000000345287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.689{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63457-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domain 354300x8000000000000000345286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.689{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63457-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domain 354300x8000000000000000345285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.689{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61446- 354300x8000000000000000345284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.688{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60456- 354300x8000000000000000345283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.678{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62382- 354300x8000000000000000345282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.673{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53891- 354300x8000000000000000345281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.669{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58569- 354300x8000000000000000345280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62310- 354300x8000000000000000345279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59689- 354300x8000000000000000345278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.668{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60943- 354300x8000000000000000345277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.667{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60737- 354300x8000000000000000345276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56205- 354300x8000000000000000345275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.666{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54993- 354300x8000000000000000345274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.663{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57160- 354300x8000000000000000345273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64612-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domain 354300x8000000000000000345272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.662{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64612-true0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domain 354300x8000000000000000345271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.661{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54734- 354300x8000000000000000345270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.660{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56206- 354300x8000000000000000345269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.659{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56381- 354300x8000000000000000345268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.658{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local64031- 354300x8000000000000000345267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.656{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50295-false146.75.34.49-443https 354300x8000000000000000345266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.591{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50294-false216.200.232.253-443https 354300x8000000000000000345265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.582{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local61421- 354300x8000000000000000345264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.577{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59628- 354300x8000000000000000345263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.575{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50293-false3.229.251.39ec2-3-229-251-39.compute-1.amazonaws.com443https 354300x8000000000000000345262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.570{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local55716- 354300x8000000000000000345261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.567{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local57717-false172.67.8.174-443https 354300x8000000000000000345260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60718- 354300x8000000000000000345259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.566{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63350- 354300x8000000000000000345258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.554{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50292-false23.202.201.246a23-202-201-246.deploy.static.akamaitechnologies.com443https 354300x8000000000000000345257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.547{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56890- 354300x8000000000000000345256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.538{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50289-false199.187.193.182-443https 354300x8000000000000000345255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.534{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59941- 354300x8000000000000000345254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.531{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50291-false35.168.53.23ec2-35-168-53-23.compute-1.amazonaws.com443https 10341000x8000000000000000345253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.583{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.582{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4|C:\Program Files\Mozilla Firefox\xul.dll+9e349f 10341000x8000000000000000345251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.576{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.570{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000345249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.568{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000345248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.568{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000345247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.566{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000345246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.566{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000345245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.561{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000345244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.560{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 10341000x8000000000000000345243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.559{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.559{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.556{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000345240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.552{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000345239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.551{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000345238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.551{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000345237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.549{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 18141800x8000000000000000345236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.549{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-44C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.549{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-44C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.549{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 18141800x8000000000000000345233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.549{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-43C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.549{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-43C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.545{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 23542300x8000000000000000345230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.544{6820D070-4ADF-6323-3200-000000007502}2936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\spool\splunk\tracker.logMD5=A4D6D86E77AA487792C61F008FF44893,SHA256=B6D893CF2A24DE67A09ED372FD5297A4379466AEB97671DB886B0258437B9BE4,IMPHASH=00000000000000000000000000000000falsetrue 734700x8000000000000000345229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.543{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000345228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.543{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000345227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.543{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000345226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.538{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000345225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.538{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000345224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.538{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 10341000x8000000000000000345223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.537{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+97c5dc|C:\Program Files\Mozilla Firefox\xul.dll+97f821|C:\Program Files\Mozilla Firefox\xul.dll+97e4db|C:\Program Files\Mozilla Firefox\xul.dll+97d705|C:\Program Files\Mozilla Firefox\xul.dll+988af0|C:\Program Files\Mozilla Firefox\xul.dll+8b5b12|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb 734700x8000000000000000345222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.536{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000345221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.531{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000345220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.529{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000345219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.528{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000345218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.517{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000345217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.513{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000345216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.499{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.497{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.495{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.494{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.493{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000345211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.492{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000345210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.491{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000345209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.491{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 18141800x8000000000000000345208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.490{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.13582503618634620272C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.490{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.13582503618634620272C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.489{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000345205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.488{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.488{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 18141800x8000000000000000345203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.487{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.13789294120864309288C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.487{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 18141800x8000000000000000345201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.487{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.48.43539839C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.487{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.13789294120864309288C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.486{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000345198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.486{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000345197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.484{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.484{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.47.45105032C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.479{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000345194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.478{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.478{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000345192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.478{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.478{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.477{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000345189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.474{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.474{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.472{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000345186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.470{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000345185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.469{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000345184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.468{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000345183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.468{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000345182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.468{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000345181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.467{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000345180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.467{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000345179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.467{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000345178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.466{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000345177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.466{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000345176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.466{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000345175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.465{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000345174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.465{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000345173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.464{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 10341000x8000000000000000345172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.463{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.463{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000345170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.463{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000345169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.462{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 10341000x8000000000000000345168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.462{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000345167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.460{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000345166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.460{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.460{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000345164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.460{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2301-000000007502}7208C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000345163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.460{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000345162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.459{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000345161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.457{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000345160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.456{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000345159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.456{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 18141800x8000000000000000345158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.455{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-42C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.455{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-42C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.455{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000345155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.455{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000345154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.454{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000345153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.454{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000345152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.453{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000345151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.453{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000345150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.453{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000345149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.453{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000345148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.452{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000345147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.452{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000345146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.452{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000345145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.451{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x8000000000000000345144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.450{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000345143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.450{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000345142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.449{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x8000000000000000345141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.448{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000345140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.448{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000345139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.447{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000345138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.446{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000345137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.444{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000345136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.443{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000345135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.442{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000345134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.441{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000345133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.441{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000345132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.440{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.440{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000345130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.438{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000345129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.437{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000345128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.436{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000345127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.435{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000345126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.435{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.434{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000345124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.432{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000345123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.428{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000345122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.428{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000345121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.427{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000345120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.427{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000345119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.427{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.425{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 10341000x8000000000000000345117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.421{6820D070-4DFB-6323-3001-000000007502}91129116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6ae795|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6ae2c6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+643d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+65dfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+9dcf50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.423{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 18141800x8000000000000000345115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.423{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.50298953819550748C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000345114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.423{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.50298953819550748C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.422{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000345112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.421{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000345111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.420{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000345110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.414{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000345109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.410{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000345108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.403{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000345107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.401{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000345106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.400{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000345105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.399{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.394{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.46.55332363C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.392{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 10341000x8000000000000000345102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.389{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.387{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000345100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.382{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000345099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.380{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.380{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000345097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.378{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000345096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.374{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000345095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.366{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e76f08|C:\Program Files\Mozilla Firefox\xul.dll+e65430|C:\Program Files\Mozilla Firefox\xul.dll+42b8d36|C:\Program Files\Mozilla Firefox\xul.dll+2412b58|C:\Program Files\Mozilla Firefox\xul.dll+9b8b70|C:\Program Files\Mozilla Firefox\xul.dll+9707a1|C:\Program Files\Mozilla Firefox\xul.dll+1810d8|C:\Program Files\Mozilla Firefox\xul.dll+9bc4e5|C:\Program Files\Mozilla Firefox\xul.dll+2349237|C:\Program Files\Mozilla Firefox\xul.dll+2349617|C:\Program Files\Mozilla Firefox\xul.dll+8ca7f6|C:\Program Files\Mozilla Firefox\xul.dll+98b446|C:\Program Files\Mozilla Firefox\xul.dll+98a56a|C:\Program Files\Mozilla Firefox\xul.dll+8b6343|C:\Program Files\Mozilla Firefox\xul.dll+8b5b65|C:\Program Files\Mozilla Firefox\xul.dll+83635f|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+17b18ec|C:\Program Files\Mozilla Firefox\xul.dll+1a88fb4 734700x8000000000000000345094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.359{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000345093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.357{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+e75602|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.356{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.356{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.356{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.356{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.356{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.354{6820D070-4B7C-6323-8800-000000007502}628648C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000345086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.354{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000345085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.354{6820D070-4DFB-6323-3401-000000007502}8232C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.48.435398396\23121812" -childID 45 -isForBrowser -prefsHandle 11084 -prefMapHandle 10364 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 11096 2612aa9e548 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000345084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.353{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 10341000x8000000000000000345083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.353{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 10341000x8000000000000000345079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.352{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 10341000x8000000000000000345076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.351{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.351{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.351{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.351{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 10341000x8000000000000000345072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.351{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 10341000x8000000000000000345068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 10341000x8000000000000000345065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.350{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.349{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.349{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.349{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.349{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000345060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.349{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.348{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.348{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000345057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.348{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000345056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.348{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 10341000x8000000000000000345055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.347{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.347{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.347{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.347{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.346{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.346{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.346{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000345048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.346{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000345047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.346{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.345{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000345045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.345{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000345044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.345{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000345043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.344{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000345042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.344{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000345041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.344{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 17141700x8000000000000000345040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.343{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.48.43539839C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000345039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.343{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000345038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.343{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000345037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.342{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000345036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.342{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000345035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.341{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x8000000000000000345034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.341{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.340{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.340{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.340{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.340{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x8000000000000000345029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.340{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000345028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.339{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.339{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000345026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.338{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000345025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.338{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000345024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.338{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000345023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.338{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000345022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.337{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+e75602|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.336{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.336{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000345019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.336{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 10341000x8000000000000000345018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.335{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000345017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.334{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000345016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.334{6820D070-4DFB-6323-3301-000000007502}8236C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.47.451050320\878611609" -childID 44 -isForBrowser -prefsHandle 10912 -prefMapHandle 10904 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 10908 2612a905b48 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000345015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.334{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000345014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.333{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x8000000000000000345013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.332{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.332{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.332{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.331{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.331{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.331{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 10341000x8000000000000000345007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.331{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000345005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 10341000x8000000000000000345004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.330{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.329{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.329{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 10341000x8000000000000000344998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.329{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.329{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.328{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.328{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.328{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.328{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.327{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.326{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.326{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 10341000x8000000000000000344989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.326{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.326{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000344987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.522{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63787- 354300x8000000000000000344986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.520{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50290-false104.18.18.126-443https 354300x8000000000000000344985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.516{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50288-false8.28.7.81-443https 354300x8000000000000000344984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.508{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50287-false34.202.104.213ec2-34-202-104-213.compute-1.amazonaws.com443https 354300x8000000000000000344983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.483{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50285-false3.74.206.104ec2-3-74-206-104.eu-central-1.compute.amazonaws.com443https 354300x8000000000000000344982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.472{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57938- 354300x8000000000000000344981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.466{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local54430- 354300x8000000000000000344980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.464{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60802- 354300x8000000000000000344979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.464{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59826- 354300x8000000000000000344978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.463{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58673- 354300x8000000000000000344977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.459{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57144- 354300x8000000000000000344976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.456{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57901- 354300x8000000000000000344975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.453{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60531- 354300x8000000000000000344974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.452{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50286-false104.18.18.126-443https 354300x8000000000000000344973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.449{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63368- 354300x8000000000000000344972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.449{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56231- 354300x8000000000000000344971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.448{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63439- 354300x8000000000000000344970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.448{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local60743- 354300x8000000000000000344969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.434{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local58491- 354300x8000000000000000344968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.389{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50283-false69.175.41.15sovrn-193627-chi03-placeholder443https 354300x8000000000000000344967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.386{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50284-false69.166.1.12-443https 354300x8000000000000000344966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.382{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59685- 354300x8000000000000000344965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.370{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50282-false172.67.8.174-443https 354300x8000000000000000344964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.370{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50281-false159.89.246.130-443https 354300x8000000000000000344963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.364{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local56998- 354300x8000000000000000344962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.349{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local59488- 354300x8000000000000000344961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.348{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local63927- 354300x8000000000000000344960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.346{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57573- 354300x8000000000000000344959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.329{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local62300- 354300x8000000000000000344958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.311{6820D070-4ADF-6323-2B00-000000007502}2704C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-ctus-attack-range-403.attackrange.local57836- 354300x8000000000000000344957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.284{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50280-false34.227.219.91ec2-34-227-219-91.compute-1.amazonaws.com443https 354300x8000000000000000344956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:25.284{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-403.attackrange.local50279-false8.28.7.81-443https 10341000x8000000000000000344955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.325{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.325{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x8000000000000000344953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.325{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.325{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.325{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.323{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.323{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000344948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.322{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 17141700x8000000000000000344947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.321{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.47.45105032C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.321{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 10341000x8000000000000000344945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.319{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+e75602|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.318{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.313{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.312{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.312{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.312{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.311{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.310{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.310{6820D070-4DFB-6323-3201-000000007502}7028C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.46.553323635\196725913" -childID 43 -isForBrowser -prefsHandle 10448 -prefMapHandle 10760 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 10688 2612a905848 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000344936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.309{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.309{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.309{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.309{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.308{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.307{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.307{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.307{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.306{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.306{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.306{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.305{6820D070-4ACF-6323-0B00-000000007502}620660C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.305{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.305{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.304{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.304{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.304{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.304{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.304{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.303{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.303{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.303{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.303{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.302{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.299{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.299{6820D070-4ACF-6323-0B00-000000007502}620744C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000344910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.297{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.46.55332363C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000344909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.284{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.260{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.260{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.260{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.259{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.259{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.259{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2201-000000007502}7044C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 734700x8000000000000000344902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.248{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000344901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.247{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 734700x8000000000000000344900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.227{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll104.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=E955B74FC4EC39B2FBA71B95F5785511,SHA256=AF895F69461521DC6DE09FA62D81F833D63D8559CA58FDBDACDDEBAF756FE717,IMPHASH=603677F758E7CEE100C502B5C0E50293trueMozilla CorporationValid 734700x8000000000000000344899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.226{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll104.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=4E78CA1C6C19DE0E2F37505183B005A8,SHA256=ADFA856F86B98E90DA37A1BDA1ABC261A6A871042FB342F93F43C6777E9E3CE2,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 10341000x8000000000000000344898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.210{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.208{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.204{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000344895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.202{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000344894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.201{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x8000000000000000344893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.196{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 10341000x8000000000000000344892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.196{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.195{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.195{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.194{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 10341000x8000000000000000344888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.194{6820D070-4AD1-6323-1200-000000007502}3961540C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cd4|c:\windows\system32\fntcache.dll+17a6f|c:\windows\system32\fntcache.dll+1a637|c:\windows\system32\fntcache.dll+1aa6c|c:\windows\system32\fntcache.dll+501de|c:\windows\system32\fntcache.dll+4fee2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.193{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000344886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.190{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000344885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.189{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000344884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.189{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.189{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.188{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4704 (rs1_release.211004-1917)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=E6024B83C3D336E71E636E2816A0F6C6,SHA256=6BCFB676656A149E0307D6BA0AEE58FA6057BB8A920B57505CD2B90C8968DF94,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x8000000000000000344881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.188{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 734700x8000000000000000344880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.186{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x8000000000000000344879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.184{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 18141800x8000000000000000344878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.183{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-41C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.183{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-41C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.180{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.180{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000344874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.180{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 10341000x8000000000000000344873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.179{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26e07|C:\Windows\system32\lsasrv.dll+27f99|C:\Windows\system32\lsasrv.dll+26c85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.179{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2bdcf|C:\Windows\system32\lsasrv.dll+26bcd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.179{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x8000000000000000344870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.178{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000344869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.173{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84B,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x8000000000000000344868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.170{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x8000000000000000344867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.169{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x8000000000000000344866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.168{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x8000000000000000344865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.168{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.5291 (rs1_release.220806-1444)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=AA86B65DCB0ECF7263B863DE2A4E8D00,SHA256=2C4E0CA21438A610DCC55E24190146254E959DC5B8A0DE00BE517365CCCB10FB,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x8000000000000000344864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.166{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.5291 (rs1_release.220806-1444)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=D73641916AB4964C7FE9B4A37473A01B,SHA256=4BB60581FB93D73CDC4F1FBEA2DDACE5D16FE61B6E0E16622C326B6E2F407A7E,IMPHASH=2A461CACC80CB7AC077398BD06B4057AtrueMicrosoft WindowsValid 10341000x8000000000000000344863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.161{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.160{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-40C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.160{6820D070-4D64-6323-ED00-000000007502}6140\LOCAL\cubeb-pipe-6140-40C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.160{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000344859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.159{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 18141800x8000000000000000344858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.159{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.298272363606293653C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.158{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.298272363606293653C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.158{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000344855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.157{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x8000000000000000344854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.157{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 10341000x8000000000000000344853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.157{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.156{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.45.32768411C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.154{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 10341000x8000000000000000344850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.146{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.146{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.146{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.145{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.145{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.145{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 10341000x8000000000000000344844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.145{6820D070-4ADF-6323-2A00-000000007502}26163240C:\Program Files\Aurora-Agent\aurora-agent.exe{6820D070-4DF9-6323-2101-000000007502}6760C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+69f35|UNKNOWN(0000000012C80190) 18141800x8000000000000000344843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.145{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.140{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000344841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.140{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000344840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.139{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000344839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.137{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1EC,IMPHASH=6CC8301D560C9DC6CB13A6320F3A3B1FtrueMicrosoft WindowsValid 734700x8000000000000000344838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.137{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000344837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.137{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x8000000000000000344836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.136{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.136{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.135{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.135{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.134{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.134{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000344830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.133{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3D375474E2FE9A77D243E35954287188,SHA256=7850F11166D7CACED6F628033524ED86191AE92772000AFA677E59A664396E8C,IMPHASH=6990BA83B94C81786A84E6C44E699D03trueMicrosoft WindowsValid 734700x8000000000000000344829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.133{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000344828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.133{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000344827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.133{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.132{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 10341000x8000000000000000344825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.132{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+406b6|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+54cfb|C:\Windows\System32\RPCRT4.dll+533da|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.131{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x8000000000000000344823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.130{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.5125 (rs1_release.220429-1732)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=E8FF656B90334BED915B2BC6BBE57C9A,SHA256=8BB399AD98B9D9C637D09EB48306B1E80C50BAA7D1C9811595D9042E4294173C,IMPHASH=FE007B4B6CED5075C98434207FFF87E0trueMicrosoft WindowsValid 18141800x8000000000000000344822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.129{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.14271025091124134795C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000344821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-CreatePipe2022-09-15 16:08:27.129{6820D070-4D64-6323-ED00-000000007502}6140\gecko.6140.5612.14271025091124134795C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.129{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x8000000000000000344819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.128{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x8000000000000000344818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.128{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000344817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.127{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.127{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.126{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000344814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.126{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000344813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.126{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1a81b5a|C:\Program Files\Mozilla Firefox\xul.dll+1a7fb67|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.125{6820D070-4D64-6323-ED00-000000007502}6140\chrome.6140.44.80253500C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.125{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.125{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 734700x8000000000000000344809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.124{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000344808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.123{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.123{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.123{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 10341000x8000000000000000344805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.122{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.122{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.122{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000344802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.122{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.121{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.121{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000344799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.119{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.119{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000344797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.116{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=135359D350F72AD4BF716B764D39E749,SHA256=34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x8000000000000000344796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.115{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=F34EB034AA4A9735218686590CBA2E8B,SHA256=9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x8000000000000000344795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.115{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.29.30139.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=6DA7F4530EDB350CF9D967D969CCECF8,SHA256=9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA,IMPHASH=2BA11FD5A511C8A409E705E9AB6B5DC1trueMicrosoft CorporationValid 734700x8000000000000000344794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.114{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x8000000000000000344793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.114{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.5291 (rs1_release.220806-1444)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=0D54B119907CCD11827832973EAB917D,SHA256=78C28A0165B0A2581662CFB3A89E319006518DC2E1A664E6027C7F8EBFA05D92,IMPHASH=42B269CD88D7BD841B43BB1788792A62trueMicrosoft WindowsValid 734700x8000000000000000344792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.5192 (rs1_release.220610-1622)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=48620A4A9EE4129296C93ED63D5363B2,SHA256=1FACA8BACE6051E29DEB1BB593B7F17FDABCCFC7A0FC4562BD77AA7CFB579435,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000344791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll104.0.2-FirefoxMozilla Foundationmozglue.dllMD5=D81C40EAA529D675598BD3D88F4D273B,SHA256=F89754F1E16A89AF01B5A3B2F4FDE652AA14DBA3131FB9A831D1E51E2E4D9359,IMPHASH=59035CC8561E9C04E566E656F35B9519trueMozilla CorporationValid 734700x8000000000000000344790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000344789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000344788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000344787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.113{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000344786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.112{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=AD564ED89D67D88709AA5980BAE20604,SHA256=0EEBE5AA750667908006742E133AE1C273D966897B95B1A0E63826450BB4780A,IMPHASH=A48DFE6DD98128BE3EB687CBF2724A44trueSplunk, Inc.Valid 734700x8000000000000000344785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.112{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=B28B29D2F85EB8349BFB5E7214D7F4D5,SHA256=17260ACBE55D8988E598ECEFBC60140EBE057336B47D8089444588321F067280,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 10341000x8000000000000000344784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.111{6820D070-4D64-6323-ED00-000000007502}61404084C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+114dfb|C:\Program Files\Mozilla Firefox\xul.dll+12ee2b1|C:\Windows\SYSTEM32\ntdll.dll+7f61d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000344783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-ConnectPipe2022-09-15 16:08:27.111{6820D070-4D64-6323-ED00-000000007502}6140\gecko-crash-server-pipe.6140C:\Program Files\Mozilla Firefox\firefox.exe 734700x8000000000000000344782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.111{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=98C643DECFE1971BE3E8B076B19BFD72,SHA256=A520C20F316C902985449BC17AB5F86FCF2F41420B08C1AE08BA06E767EB49F3,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000344781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.111{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=9BC99DECE580BD163AC318FCD1ACB667,SHA256=94BA08021E14476ED8EC2DC81165574B64274E20F2D8DE9CA98CD0D10CE279F7,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000344780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.111{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2zaOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=0FE6D3D4B3F4B0F5502371832D12BB8E,SHA256=3DF79909021C72E70D2AE273587296E5E2D5F77315011B5C3115CFA359682647,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000344779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.110{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=FBA0D04D5A8AEA25D86EC623A14D0056,SHA256=D64FE508393C40160D1EFB22149C69763CBAA921BD1BC74C8D4AE59A10C3B767,IMPHASH=987AB6B8B03EE421D8CC59EAFE452916trueSplunk, Inc.Valid 734700x8000000000000000344778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.110{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.10libxml2 librarylibxml2-libxml2.dllMD5=20596DB2126E9F188727597F0FCC7CDB,SHA256=BAD6246A2B43B07FE80643DE40B0CE49751C8E0B95B076AD94E59F16CE8D8C0C,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000344777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.109{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000344776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.107{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000344775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.106{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000344774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.106{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.106{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x8000000000000000344772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.105{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.105{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000344770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.105{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.104{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000344768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.104{6820D070-4D64-6323-ED00-000000007502}61404264C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+27040|C:\Program Files\Mozilla Firefox\xul.dll+e7c824|C:\Program Files\Mozilla Firefox\xul.dll+e76539|C:\Program Files\Mozilla Firefox\xul.dll+e6774a|C:\Program Files\Mozilla Firefox\xul.dll+378cdc3|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a629d7|C:\Program Files\Mozilla Firefox\xul.dll+1a61c23|C:\Program Files\Mozilla Firefox\xul.dll+17b1bad|C:\Program Files\Mozilla Firefox\xul.dll+1a890bb|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+180dd8|C:\Program Files\Mozilla Firefox\xul.dll+17fd52|C:\Program Files\Mozilla Firefox\xul.dll+44a9b51|C:\Program Files\Mozilla Firefox\xul.dll+4511b42|C:\Program Files\Mozilla Firefox\xul.dll+451296c|C:\Program Files\Mozilla Firefox\xul.dll+1f8be23|C:\Program Files\Mozilla Firefox\firefox.exe+19db6|C:\Program Files\Mozilla Firefox\firefox.exe+27d18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.104{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.104{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FAD,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000344765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.104{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x8000000000000000344764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.103{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 734700x8000000000000000344763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.103{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0trueMozilla CorporationValid 734700x8000000000000000344762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.103{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 10341000x8000000000000000344761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.103{6820D070-4D64-6323-ED00-000000007502}61405612C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9f9b59|C:\Program Files\Mozilla Firefox\xul.dll+7c6334|C:\Program Files\Mozilla Firefox\xul.dll+1a7fd3f|C:\Program Files\Mozilla Firefox\xul.dll+12cb5|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+127e7|C:\Program Files\Mozilla Firefox\xul.dll+9e0231|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.103{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.102{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000344758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.102{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000344757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.102{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x8000000000000000344756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 10341000x8000000000000000344755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4B7C-6323-8800-000000007502}6281180C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4D64-6323-ED00-000000007502}61405840C:\Program Files\Mozilla Firefox\firefox.exe{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6f523|C:\Windows\System32\ADVAPI32.dll+189bf|C:\Program Files\Mozilla Firefox\firefox.exe+2bb52|C:\Program Files\Mozilla Firefox\firefox.exe+59d7|C:\Program Files\Mozilla Firefox\xul.dll+203367f|C:\Program Files\Mozilla Firefox\xul.dll+9f4a88|C:\Program Files\Mozilla Firefox\xul.dll+9f2b85|C:\Program Files\Mozilla Firefox\xul.dll+9faa2e|C:\Program Files\Mozilla Firefox\xul.dll+84ead3|C:\Program Files\Mozilla Firefox\xul.dll+17b26ed|C:\Program Files\Mozilla Firefox\xul.dll+17b0967|C:\Program Files\Mozilla Firefox\xul.dll+9e349f|C:\Program Files\Mozilla Firefox\xul.dll+1fc8e|C:\Program Files\Mozilla Firefox\xul.dll+8523f7|C:\Program Files\Mozilla Firefox\nss3.dll+75edc|C:\Program Files\Mozilla Firefox\nss3.dll+8c1d1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Program Files\Mozilla Firefox\mozglue.dll+1f648|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4DFB-6323-3101-000000007502}9124C:\Program Files\Mozilla Firefox\firefox.exe104.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.45.327684115\1469256152" -childID 42 -isForBrowser -prefsHandle 10544 -prefMapHandle 10464 -prefsLen 31603 -prefMapSize 231974 -jsInitHandle 1100 -jsInitLen 247228 -a11yResourceId 64 -parentBuildID 20220902153754 -appDir "C:\Program Files\Mozilla Firefox\browser" - 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 10448 2612a192b48 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6820D070-4B7D-6323-1F63-0C0000000000}0xc631f2LowMD5=BBF69077780A3C362C8F6545B6B254B9,SHA256=9BA01237719ABB00128CC369D5BEA68E6EB6AFCAA47C4316EED174615B90E2B6,IMPHASH=9AE80BC4D7F699F3663D6FC8FC1CEAF0{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 734700x8000000000000000344752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8,IMPHASH=8B8383FC3FA03C92F859A2AF899A52ADtrueMicrosoft WindowsValid 734700x8000000000000000344751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.101{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000344750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.100{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll104.0.2-FirefoxMozilla Foundationxul.dllMD5=0A51F22D078855CE4E32F0987E9B06C6,SHA256=CD073C7F42A13D192E8E96AC16B0C2BE56D40424768DC65733380AB4AFBD4716,IMPHASH=9A9A84C657A1B1C5F1F6F1989D349543trueMozilla CorporationValid 734700x8000000000000000344749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.100{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000344748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.100{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000344747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.100{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll104.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=8A81C934123E7CA79B7A1741570D3336,SHA256=0A0F351BBB315E6364398A55F77607E57C29CB83BEE9FC6D7EA6DC3D761964DA,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x8000000000000000344746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.100{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000344745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.099{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000344744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.099{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000344743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.099{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000344742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.099{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 10341000x8000000000000000344741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4AE0-6323-3A00-000000007502}34043444C:\Windows\system32\conhost.exe{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8df|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.098{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000344733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.5246 (rs1_release.220701-1744)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=96EFBE3DB6300BB13E0720809302FF9F,SHA256=2DE51A861E8D47D75730027E8BD70554363E10449EC258527C491EE8D4A57C2F,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000344729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=F8550606B41FF309D9A1DC76BB4EE875,SHA256=A1FFDD6A2EDA9E0CF047C74B00649A2EA228E3B8BDE1761C66879FA40335C2EB,IMPHASH=C4246EC3F13C64466ED4274DBAA3B132trueMicrosoft WindowsValid 10341000x8000000000000000344728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.097{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEE,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000344726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x8000000000000000344724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.096{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x8000000000000000344718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000344716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.095{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.094{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.094{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.094{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAE,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x8000000000000000344711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.094{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.094{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.2.5Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=611F936426EC989CDC9FB43B692D3CFA,SHA256=AF94FF9B82C4BF6F27A5695E741D2BDF06A6A574924179D0BC9E7B8A725882F5,IMPHASH=A2763C4BA6D4717F662584401724A6B2trueSplunk, Inc.Valid 10341000x8000000000000000344709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 734700x8000000000000000344707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4DFB-6323-2F01-000000007502}9096C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll104.0.2-FirefoxMozilla Foundationnss3.dllMD5=53509A4511300964ADB047AD5F1F1170,SHA256=2241536476C6C2CCE371DCFB08432C351198809A577FFC2E79D27FCEAAB6FEE5,IMPHASH=C637BF48786E5FC945D5268F49B50500trueMozilla CorporationValid 10341000x8000000000000000344706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4AD1-6323-0C00-000000007502}828964C:\Windows\system32\svchost.exe{6820D070-4ADF-6323-2C00-000000007502}2712C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.093{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.092{6820D070-4ACF-6323-0500-000000007502}404520C:\Windows\system32\csrss.exe{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000344702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.092{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.092{6820D070-4ADF-6323-3200-000000007502}29363888C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e499f1|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b3255|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd30d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1b59b6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd3c14|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bd79a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1c0f1c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd07d2|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd491d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1bb965|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dc694e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.092{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000344699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.092{6820D070-4DFB-6323-3001-000000007502}9112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.2.5Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6820D070-4ACF-6323-E703-000000000000}0x3e70SystemMD5=611F936426EC989CDC9FB43B692D3CFA,SHA256=AF94FF9B82C4BF6F27A5695E741D2BDF06A6A574924179D0BC9E7B8A725882F5,IMPHASH=A2763C4BA6D4717F662584401724A6B2{6820D070-4ADF-6323-3200-000000007502}2936C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000344698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-403.attackrange.local-2022-09-15 16:08:27.091{6820D070-4ACF-6323-0B00-000000007502}620824C:\Windows\system32\lsass.exe{6820D070-4D64-6323-ED00-000000007502}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+787ac|C:\Windows\system32\lsasrv.dll+e8134|C:\Windows\System32\RPCRT4.dll+7ac63|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+5342c|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x8000000000000000344697Micr