10341000x80000000000000001019677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:11.236{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:10.202{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:09.170{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:08.140{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:07.109{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:06.073{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:05.057{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:05.026{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:05.026{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:03.986{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:02.940{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:01.906{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:04:00.856{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:59.839{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:58.803{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:57.772{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001018088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:56.741{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:55.711{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:54.674{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:54.658{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:54.658{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:53.611{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:52.575{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:51.545{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:50.514{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:49.508{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001017058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:48.461{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:47.414{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:46.387{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:45.340{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:44.304{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:44.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:44.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:43.242{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:42.207{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:41.168{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001016066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:40.134{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:39.088{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:38.067{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:37.051{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:36.005{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:34.968{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:33.938{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:33.906{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:33.906{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001015100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:32.870{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:31.854{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:30.823{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:29.792{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:28.755{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:27.725{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:26.691{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:25.657{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:24.627{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:23.610{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:23.610{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001014097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:23.610{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:22.542{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:21.497{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:20.474{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:19.444{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:18.398{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:17.361{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:16.330{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:15.300{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:14.279{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:13.248{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:13.217{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:13.217{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:12.201{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:11.165{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:10.135{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:09.119{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:08.081{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:07.066{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001012094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:06.035{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:05.004{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:03.983{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:02.965{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:02.880{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:02.880{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:01.796{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:03:00.730{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:59.699{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:58.663{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:57.632{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001011008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:56.601{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:55.564{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:54.533{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:53.502{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:52.466{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:52.466{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:52.466{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:51.420{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:50.386{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:49.368{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001010012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:48.337{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:47.303{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:46.281{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:45.251{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:44.220{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:43.201{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:42.149{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:42.134{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:42.134{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001009096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:41.082{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:40.065{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:39.035{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:38.004{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:36.951{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:35.933{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:34.901{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:33.879{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:32.833{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:31.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:31.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:31.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:31.803{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001008025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:31.803{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:30.766{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:30.766{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:30.766{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.735{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.735{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.735{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5ea84|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.735{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.735{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50685012C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\NPSMDesktopProvider.dll+1be4a|C:\Windows\System32\NPSMDesktopProvider.dll+1226e|C:\Windows\System32\NPSMDesktopProvider.dll+12835|C:\Windows\System32\NPSMDesktopProvider.dll+67dc|C:\Windows\System32\TwinUI.dll+7c148|C:\Windows\System32\TwinUI.dll+7572d|C:\Windows\System32\TwinUI.dll+75303|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9b5f|C:\Windows\System32\SHELL32.dll+eb6a5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+eb5be|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50689160C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9b5f|C:\Windows\System32\SHELL32.dll+eb6a5|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9db4|C:\Windows\System32\SHELL32.dll+eb587|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 05/31/2022 01:02:29 PM LogName=Security EventCode=4688 EventType=0 ComputerName=win-dc-ctus-attack-range-713.attackrange.local SourceName=Microsoft Windows security auditing. Type=Information RecordNumber=324433 Keywords=Audit Success TaskCategory=Process Creation OpCode=Info Message=A new process has been created. Creator Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0xAC6B1 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2754 New Process Name: C:\Windows\System32\msdt.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x2b54 Creator Process Name: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process Command Line: "C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=/../../$(\windows\system32\calc)/.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 10341000x80000000000000001007555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50689160C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+eb5be|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.183{E0516A88-F050-6295-B000-000000005602}50689160C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9db4|C:\Windows\System32\SHELL32.dll+eb587|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F050-6295-B000-000000005602}50689160C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F04F-6295-AA00-000000005602}45644644C:\Windows\system32\taskhostw.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F04F-6295-AA00-000000005602}45644644C:\Windows\system32\taskhostw.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9b5f|C:\Windows\System32\SHELL32.dll+ebd30|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+81330|C:\Windows\System32\SHELL32.dll+ebcec|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9db4|C:\Windows\System32\SHELL32.dll+ebcc0|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+ffe59|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-EF86-6295-0B00-000000005602}6327560C:\Windows\system32\lsass.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+262f7|C:\Windows\system32\lsasrv.dll+2743d|C:\Windows\system32\lsasrv.dll+26175|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7af03|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+536cc|C:\Windows\System32\RPCRT4.dll+35ac4|C:\Windows\System32\RPCRT4.dll+349dd|C:\Windows\System32\RPCRT4.dll+3528b|C:\Windows\System32\RPCRT4.dll+2107c|C:\Windows\System32\RPCRT4.dll+214fc|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a7aa|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.167{E0516A88-EF86-6295-0B00-000000005602}6327560C:\Windows\system32\lsass.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2c06f|C:\Windows\system32\lsasrv.dll+260bd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7af03|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+536cc|C:\Windows\System32\RPCRT4.dll+35ac4|C:\Windows\System32\RPCRT4.dll+349dd|C:\Windows\System32\RPCRT4.dll+3528b|C:\Windows\System32\RPCRT4.dll+2107c|C:\Windows\System32\RPCRT4.dll+214fc|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a7aa|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.102{E0516A88-EF89-6295-1600-000000005602}12961932C:\Windows\system32\svchost.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.102{E0516A88-EF89-6295-1600-000000005602}12961328C:\Windows\system32\svchost.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14422|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.101{E0516A88-EF86-6295-0B00-000000005602}6327560C:\Windows\system32\lsass.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea6c|C:\Windows\system32\lsasrv.dll+e6b04|C:\Windows\System32\RPCRT4.dll+7af03|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+536cc|C:\Windows\System32\RPCRT4.dll+35ac4|C:\Windows\System32\RPCRT4.dll+349dd|C:\Windows\System32\RPCRT4.dll+3528b|C:\Windows\System32\RPCRT4.dll+2107c|C:\Windows\System32\RPCRT4.dll+214fc|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a7aa|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001007539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.052{E0516A88-F04C-6295-9D00-000000005602}3852404C:\Windows\system32\csrss.exe{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001007536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.052{E0516A88-11D8-6296-D209-000000005602}110929268C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b830|C:\Windows\System32\KERNELBASE.dll+6b316|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+d9437|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+d848f|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+d8ef8|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+d192e|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+d24c7|C:\Windows\System32\windows.storage.dll+16e7bb|C:\Windows\System32\windows.storage.dll+16e4d1|C:\Windows\System32\windows.storage.dll+16e11e|C:\Windows\System32\windows.storage.dll+16f3c0|C:\Windows\System32\windows.storage.dll+16de6e|C:\Windows\System32\windows.storage.dll+fce7d|C:\Windows\System32\windows.storage.dll+fd5bc|C:\Windows\System32\windows.storage.dll+fc920|C:\Windows\System32\windows.storage.dll+16657a|C:\Windows\System32\windows.storage.dll+1662d2|C:\Windows\System32\SHELL32.dll+bcddd|C:\Windows\System32\SHELL32.dll+bb976|C:\Windows\System32\SHELL32.dll+ae219|C:\Windows\System32\SHELL32.dll+ef69e|C:\Windows\System32\SHELL32.dll+ba953 154100x80000000000000001007535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:02:29.042{E0516A88-11E5-6296-D409-000000005602}10068C:\Windows\System32\msdt.exe10.0.14393.0 (rs1_release.160715-1616)Diagnostics Troubleshooting WizardMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdt.exe"C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=/../../$(\windows\system32\calc)/.exe"C:\Users\Administrator\Downloads\follina.py-main\ATTACKRANGE\Administrator{E0516A88-F04E-6295-B1C6-0A0000000000}0xac6b12HighMD5=BB98CE2BD520AC69CB3D2F830974CABE,SHA256=C1237BDD2B574C1CBBB4A0D990773BBED5B6FE3BD14F8011C0E79F9CDDCA2B4E,IMPHASH=5D314604CE5F7FF83060B18832AA0D35{E0516A88-11D8-6296-D209-000000005602}11092C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Administrator\Downloads\follina.py-main\clickme_orig.docx" /o "" 10341000x80000000000000001003710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:57.559{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50685012C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\NPSMDesktopProvider.dll+1be4a|C:\Windows\System32\NPSMDesktopProvider.dll+1226e|C:\Windows\System32\NPSMDesktopProvider.dll+12835|C:\Windows\System32\NPSMDesktopProvider.dll+67dc|C:\Windows\System32\TwinUI.dll+7c148|C:\Windows\System32\TwinUI.dll+7572d|C:\Windows\System32\TwinUI.dll+75303|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9b5f|C:\Windows\System32\SHELL32.dll+eb6a5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+eb5be|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50687728C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9db4|C:\Windows\System32\SHELL32.dll+eb587|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bf3f|C:\Windows\System32\windows.storage.dll+13accb|C:\Windows\System32\windows.storage.dll+1391ef|C:\Windows\System32\SHCORE.dll+367b6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9b5f|C:\Windows\System32\SHELL32.dll+ebd30|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+81330|C:\Windows\System32\SHELL32.dll+ebcec|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+e9db4|C:\Windows\System32\SHELL32.dll+ebcc0|C:\Windows\System32\TwinUI.dll+100021|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.976{E0516A88-F050-6295-B000-000000005602}50682732C:\Windows\Explorer.EXE{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+ffe59|C:\Windows\System32\TwinUI.dll+10088f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:56.529{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:55.461{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:54.398{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:53.372{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:52.357{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:51.341{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:50.290{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:50.273{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:50.273{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:49.244{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:48.192{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:47.167{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001002307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.localT1042SetValue2022-05-31 13:01:47.051{E0516A88-11B9-6296-CD09-000000005602}9944C:\Windows\regedit.exeHKCR\ms-msdt\shell\open\command\(Default)"%%SystemRoot%%\system32\msdt.exe" %%1 10341000x80000000000000001002279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:46.099{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:45.083{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001002057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:44.049{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:43.047{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:42.030{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:40.994{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:39.963{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:39.947{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:39.947{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:38.895{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:37.871{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:36.838{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:35.792{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:34.754{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:33.740{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:32.693{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:31.654{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:30.638{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:29.607{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:29.591{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:29.591{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:28.555{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:27.509{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:26.495{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:25.443{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:24.426{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:23.380{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:22.358{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:21.312{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:20.296{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:19.280{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:19.275{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:19.275{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:18.242{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:17.196{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:16.178{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:15.130{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:14.115{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:13.063{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:12.032{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:11.017{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:09.965{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:08.950{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:08.935{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:08.935{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:07.896{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:06.860{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:05.845{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:04.814{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:03.784{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:02.731{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:01.716{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:01:00.684{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:59.648{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:58.616{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:58.600{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:58.600{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:57.563{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:56.532{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:55.518{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:54.482{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:53.435{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:52.421{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:51.389{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:50.360{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:49.336{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:48.306{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:48.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:48.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:47.250{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:46.220{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:45.207{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000995041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:44.167{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:43.123{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:42.103{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:41.057{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:40.042{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:39.023{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:38.008{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:37.993{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:37.993{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:36.955{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:35.909{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:34.873{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:33.842{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:32.828{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:31.797{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:30.776{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:29.746{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:28.700{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:27.690{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:27.656{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000993090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:27.656{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:26.611{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:25.592{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:24.544{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:23.522{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:22.488{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:21.437{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:20.423{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:19.391{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:18.370{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:17.354{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:17.338{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:17.338{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:16.256{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:15.208{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:14.188{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:13.168{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:12.121{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:11.103{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:10.082{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:09.034{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:08.004{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:06.996{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:06.968{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:06.968{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:05.921{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:04.921{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:03.883{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:02.838{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:01.809{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 13:00:00.768{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:59.740{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:58.723{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:57.700{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:56.679{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:56.669{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:56.669{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:55.634{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:54.592{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:53.553{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:52.525{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:51.495{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:50.467{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:49.445{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:48.425{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:47.408{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:46.378{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:46.362{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:46.362{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:45.304{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:44.283{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:43.258{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:42.225{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:41.192{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:40.162{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:39.133{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:38.105{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:37.081{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:36.064{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:36.054{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:36.054{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:35.028{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:34.011{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:32.990{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:31.961{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:30.932{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:29.905{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:28.882{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:27.863{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:26.840{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:25.805{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:25.783{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:25.783{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:24.737{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:23.719{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:22.698{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:21.663{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:20.641{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:19.617{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:18.588{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:17.567{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:16.544{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:15.522{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:15.512{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:15.511{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:14.487{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:13.469{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:12.450{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:11.431{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:10.412{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:09.394{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:08.367{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:07.346{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:06.320{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:05.292{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:05.281{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:05.281{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:04.247{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:03.165{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:02.136{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:01.116{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:59:00.092{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:59.066{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:58.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:57.010{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:55.994{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:54.965{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:54.953{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:54.953{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:53.924{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:52.902{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:51.881{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:50.860{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:49.835{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:48.816{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:47.787{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:46.768{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:45.751{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:44.717{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:44.706{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:44.706{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:43.650{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:42.595{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:41.540{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:40.517{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:39.468{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:38.447{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:37.421{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:36.400{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:35.387{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:34.346{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:34.330{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:34.330{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:33.300{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:32.279{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:31.262{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:30.236{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:29.212{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:28.192{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:27.166{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:26.144{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:25.118{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:24.099{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:24.085{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:24.085{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:23.060{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:22.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:21.022{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:20.001{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:18.976{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:17.957{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:16.938{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:15.922{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:14.900{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:13.871{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:13.850{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:13.850{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:12.819{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:11.800{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:10.771{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000975908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:09.750{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000975755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:08.719{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000975562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:07.686{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000975356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:06.643{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:05.591{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:04.567{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:03.543{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:03.529{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:03.529{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000973904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:02.489{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000973649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:01.436{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000973326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:58:00.398{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000973054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:59.370{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:58.346{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:57.322{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:56.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:55.267{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:54.245{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:53.228{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:53.208{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:53.208{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:52.179{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000972040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:51.162{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:50.141{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:49.114{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:48.095{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:47.070{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:46.052{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:45.031{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:44.009{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:42.981{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:42.965{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000971065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:42.965{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:41.917{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:40.892{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:39.867{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:38.842{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:37.809{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:36.792{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:35.771{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:34.748{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000970016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:33.731{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:32.710{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:32.698{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:32.698{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:31.664{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:30.574{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:29.520{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:28.499{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:27.477{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000969058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:26.457{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:25.435{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:24.410{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:23.387{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:22.370{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:22.358{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:22.358{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:21.320{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:20.278{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:19.254{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000968069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:18.235{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:17.214{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:16.197{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:15.176{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:14.159{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:13.140{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:12.120{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:12.109{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:12.109{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:11.079{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000967064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:10.061{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:09.044{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:08.024{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:07.006{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:05.988{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:04.961{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:03.905{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:02.876{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:01.843{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:01.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000966088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:01.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:57:00.782{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:59.761{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:58.725{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:57.682{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:56.662{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:55.630{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:54.586{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:53.553{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000965021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:52.513{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000964772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:51.456{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000964686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:51.445{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000964685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:51.445{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000964120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:50.344{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000963529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:49.324{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000963416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:48.304{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000963304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:47.276{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000963062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:46.255{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:45.225{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:44.199{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:43.171{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:42.146{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:41.123{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:41.115{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000962143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:41.115{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:40.056{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:39.023{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:37.967{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:36.901{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:35.882{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:34.863{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:33.848{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:32.820{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:31.795{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:30.774{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:30.750{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000961063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:30.750{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:29.668{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:28.650{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:27.627{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:26.593{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:25.561{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:24.544{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:23.527{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:22.506{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:21.487{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:20.463{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:20.455{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:20.453{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:19.422{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:18.397{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:17.377{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:16.349{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:15.331{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:14.310{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:13.291{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:12.258{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:11.223{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:10.193{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:10.193{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:10.193{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:09.140{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:08.139{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:07.093{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:06.074{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:05.042{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:03.980{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:02.959{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:01.928{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:56:00.881{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:59.877{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:59.844{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:59.844{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:58.813{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:57.779{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:56.746{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:55.730{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:54.698{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:53.684{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:52.648{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:51.600{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:50.599{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:49.562{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:49.545{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:49.545{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:48.499{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:47.463{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:46.417{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:45.386{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:44.365{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:43.334{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:42.288{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:41.251{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:40.251{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:39.220{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:39.204{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:39.204{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:38.167{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:37.121{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:36.106{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:35.087{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:34.052{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:33.022{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:31.970{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:30.958{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:29.915{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:28.900{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:28.884{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:28.884{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:27.853{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:26.832{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:25.818{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:24.803{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:23.787{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:22.750{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:21.734{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:20.703{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:19.686{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:18.656{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:18.634{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:18.634{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:17.588{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:16.558{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:15.522{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:14.504{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:13.504{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:12.458{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:11.421{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:10.405{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:09.375{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:08.360{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:08.356{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:08.355{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:07.322{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:06.291{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:05.257{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:04.239{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:03.209{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:02.193{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:01.140{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:55:00.125{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:59.094{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:58.077{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:58.062{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:58.062{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:56.993{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:55.959{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:54.911{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:53.881{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:52.865{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:51.829{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:50.813{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:49.782{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:48.761{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:47.731{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:47.714{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:47.714{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:46.668{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:45.616{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:44.565{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:43.533{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:42.503{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:41.471{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000950054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:40.451{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:39.419{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:38.418{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:37.388{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:37.369{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:37.366{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:36.304{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:35.252{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:34.237{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:33.206{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:32.176{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000949080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:31.170{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:30.131{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:29.130{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:28.099{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:27.069{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:27.054{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:27.054{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:26.017{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:24.987{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:23.935{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:22.933{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:21.917{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:20.886{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:19.856{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:18.849{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:17.829{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:16.799{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:16.783{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:16.783{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:15.748{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:14.717{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:13.686{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:12.653{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:11.632{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:10.601{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:09.570{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:08.518{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:07.504{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:06.473{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:06.473{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:06.473{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:05.436{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:04.391{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:03.354{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:02.335{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:01.319{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:54:00.287{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:59.273{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:58.237{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:57.205{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:56.175{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:56.159{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:56.159{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:55.137{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:54.121{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:53.105{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:52.088{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:51.071{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:50.047{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:49.014{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:47.999{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:46.983{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:45.952{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:45.952{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:45.952{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:44.901{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:43.886{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:42.850{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:41.819{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:40.774{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:39.759{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:38.753{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:37.707{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:36.677{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:35.662{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:35.662{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:35.662{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:34.639{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:33.593{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:32.563{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:31.525{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:30.478{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:29.459{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:28.423{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:27.392{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:26.359{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:25.325{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:25.310{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:25.310{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:24.257{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:23.226{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:22.196{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:21.142{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:20.112{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:19.082{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:18.045{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:17.030{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:15.984{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:14.932{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:14.916{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:14.916{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:13.865{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:12.831{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:11.800{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:10.769{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:09.746{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:08.716{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:07.700{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:06.670{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:05.618{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:04.571{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:04.571{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:04.571{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:03.535{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:02.505{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:01.469{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:53:00.436{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:59.406{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:58.374{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:57.353{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:56.307{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:55.277{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:54.240{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:54.240{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:54.240{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:53.178{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:52.142{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:51.079{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:50.062{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:49.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:48.010{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:46.977{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:45.943{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:44.913{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:43.897{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:43.874{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:43.859{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:42.759{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:41.741{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:40.727{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:39.681{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:38.660{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:37.629{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:36.583{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:35.562{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:34.558{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:33.528{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:33.512{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:33.512{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:32.460{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:31.429{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:30.422{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:29.400{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:28.385{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:27.354{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:26.302{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:25.286{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:24.256{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:23.223{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:23.204{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:23.204{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:22.172{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:21.104{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:20.057{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:19.042{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:18.006{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:16.975{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:15.958{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:14.922{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:13.876{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:12.862{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:12.846{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:12.846{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:11.810{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000935057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:10.764{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:09.710{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:08.695{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:07.664{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:06.633{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:05.597{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:04.567{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:03.527{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:02.496{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:02.464{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:02.464{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:01.431{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000934010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:52:00.379{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:59.357{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:58.287{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:57.257{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:56.227{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:55.190{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:54.142{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:53.127{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:52.097{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:52.075{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000933197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:52.075{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:51.029{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:49.977{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:48.931{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:47.910{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:46.879{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:45.860{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:44.824{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:43.807{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:42.789{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:41.741{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:41.725{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000932101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:41.725{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:40.610{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:39.588{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:38.539{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:37.509{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:36.488{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:35.457{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:34.430{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:33.408{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:32.378{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:31.359{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:31.343{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000931042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:31.343{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:30.313{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:29.294{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:28.242{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:27.211{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:26.187{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:25.157{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:24.125{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:23.095{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:22.074{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:21.044{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:21.028{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000930034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:21.028{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:19.998{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:18.961{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:17.927{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:16.908{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:15.878{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:14.855{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:13.792{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:12.772{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:11.736{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:10.688{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:10.673{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000929036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:10.673{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:09.651{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:08.624{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:07.588{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:06.541{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:05.441{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:04.425{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:03.393{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:02.355{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:01.319{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:00.252{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:00.236{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:51:00.236{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:59.217{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:58.202{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:57.165{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:56.149{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:55.118{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:54.087{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:53.051{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:52.006{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:50.992{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:49.971{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:49.955{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:49.955{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:48.937{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:47.903{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:46.873{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:45.838{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:44.806{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:43.760{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:42.745{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:41.724{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:40.695{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:39.663{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:39.647{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:39.647{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:38.611{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:37.574{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:36.541{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:35.495{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:34.481{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:33.429{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:32.428{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:31.398{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:30.383{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:29.364{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:29.349{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:29.349{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:28.298{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:27.261{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:26.242{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:25.195{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:24.180{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:23.144{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:22.130{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:21.099{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:20.047{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:19.001{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:19.001{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:19.001{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:17.949{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:16.919{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:15.919{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:14.902{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:13.850{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:12.820{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:11.803{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:10.786{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:09.761{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:08.747{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:08.731{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:08.731{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:07.694{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:06.677{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:05.642{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:04.612{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:03.581{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:02.545{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:01.499{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:50:00.447{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:59.416{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:58.402{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:58.386{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:58.386{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:57.341{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:56.295{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:55.279{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:54.248{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:53.196{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:52.180{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:51.148{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:50.132{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:49.077{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:48.031{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:48.031{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:48.031{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:46.994{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:45.963{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:44.946{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000920083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:43.878{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:42.863{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:41.833{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:40.796{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:39.780{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:38.767{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:37.681{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:37.650{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:37.650{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:36.596{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:35.550{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:34.530{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:33.496{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:32.481{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:31.435{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:30.413{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:29.397{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:28.366{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:27.335{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:27.314{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:27.314{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:26.266{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:25.236{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:24.199{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:23.168{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:22.153{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:21.137{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:20.116{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:19.070{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:18.056{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:17.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:17.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:17.041{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12170|C:\Windows\System32\advapi32.dll+117c5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:16.004{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:14.970{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:13.953{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000916970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-713.attackrange.local-2022-05-31 12:49:12.936{E0516A88-F128-6295-FC00-000000005602}56566740C:\Users\Administrator\Downloads\procexp64.exe{E0516A88-0E85-6296-3409-000000005602}7340C:\Windows\system32\msdt.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791